Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e848c53c1a7f066…

MALICIOUS

PDF

Size: 19.9 KB
Created: 2020-03-21 08:57:54 +00:00
Authoring application: mPDF 5.7
MD5: 6d4a5cdb73d9fb1b23de7cf392545150
SHA-1: 2bab82f8be0ea5449aa171644e8657a6a09649ff
SHA-256: 1e848c53c1a7f0660125ca33d8a1a47f6f313f4dcba2b7a487981f38daaf1e30
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to the domain kitasdyu.myhome.cx. These links are likely part of a link farm designed to artificially boost search engine rankings or redirect users to malicious content. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.