Malicious PDF — malware analysis report

Static analysis result for SHA-256 1d1c980455700a6a…

MALICIOUS

PDF

File size: 16.0 KB
Created: 2019-05-03 05:04:01 +01:00
Authoring application: mPDF 5.7
MD5: 5f1c137b73bb7f9f15cfbda5a2816701
SHA-1: 7021731a4d15febc52e5aacece28517d8154078b
SHA-256: 1d1c980455700a6a440c9faba01286af5ff707ca959470dce7aea5397932c5fc
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily corrupted, the presence of numerous links suggests a redirection or SEO poisoning attack. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9811

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.