Malicious PDF — malware analysis report

Static analysis result for SHA-256 1a86775663feb6b7…

MALICIOUS

PDF

  • Size: 14.9 KB
  • Created: 2020-03-18 18:08:54 +00:00
  • Authoring application: mPDF 5.7
  • First seen: 2020-12-28
  • MD5: 686ced863ec2ae999c483740901f9d0a
  • SHA-1: da8438fb7faf6e185a882e46962a04bef3dea20b
  • SHA-256: 1a86775663feb6b76f20170b5138125ca0d88be372d535860275848f33b95925
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on this PDF, indicating a link farm with 22 external PDF links, all pointing to the same domain, 'weisncio.myhome.cx'. The ML classifier also flagged the PDF as malicious. The embedded links likely serve as a lure to download further malicious content or to redirect to phishing pages.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9200

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.