Malicious PDF — malware analysis report

Static analysis result for SHA-256 22ea82e864f9c887…

MALICIOUS

PDF

Size: 17.4 KB | Created: 2019-04-30 04:38:33 +01:00 | Authoring application: mPDF 5.7
MD5: f05d9126c343eafa13a02bbed7d39255
SHA-1: 22813d6e1c5ebc08d6a7cdfbb8a39bd71c930b4f
SHA-256: 22ea82e864f9c88767b8d8693408dea4ea13c9d8b81cd5bd0beb082f972fbeaf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While most of these links point to book titles and are marked as benign, the sheer volume and structure suggest a malicious intent, possibly for SEO poisoning or to host further malicious content. The ML_NYX_PDF_MALICIOUS classifier strongly supports this assessment. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics (2)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://muicuiu.dumb1.com/6a06a09a01a01/The-Complete-Tawny-Man-Trilogy-Fool-s-Errand-The-Golden-Fool-Fool-s-Fate-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/4a09a06a01a04a05/The-Golden-Fool-Tawny-Man-2-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/3a04a04a07a09/Golden-Fool-Tawny-Man-2-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/3a04a09a08a04a03/Fool-s-Fate-Tawny-Man-3-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/1a07a06a05a05a01/Fool-s-Errand-Tawny-Man-1-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/5a04a00a00a06/Novels-By-Robin-Hobb-including-Assassin-s-Apprentice-Royal-Assassin-Assassin-s-Quest-Fool-s-Errand-novel-The-Golden-Fool-Shaman-s-Crossing-Fool-s-Fate-Ship-Of-Magic-Forest-Mage-Renegade-s-Magic-Dragon-Keeper-hobb-Novel-Ship-Of-Destiny-by-Hephaestus-Books.pdf
    • http://muicuiu.dumb1.com/9a08a08a05/Fool-s-Quest-The-Fitz-and-The-Fool-2-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/5a00a05a02a00a02/Fool-s-Quest-The-Fitz-and-The-Fool-2-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/3a01a03a07a00/Fool-39-s-Assassin-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/2a01a08a06a01a09/Assassin-s-Fate-The-Fitz-and-the-Fool-3-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/2a02a01a00a08a06/The-Inheritance-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/7a09a05a04a08a09/La-nave-in-fuga-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/4a02a07a04a08a01/Shaman-s-Crossing-Soldier-Son-1-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/3a02a06a05a07/Assassin-s-Apprentice-Farseer-Trilogy-1-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/7a03a07a04a03/O-Punhal-do-Soberano-A-Saga-do-Assassino-2-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/4a00a05a07a08a08/Assassin-s-Apprentice-Farseer-Trilogy-1-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/5a02a03a04a02/Ship-of-Magic-Liveship-Traders-1-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/3a02a02a04a01a06/Assassin-s-Apprentice-The-Farseer-Trilogy-1-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/3a04a01a02a09a09/Assassin-s-Apprentice-Farseer-Trilogy-1-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/3a05a00a03a07a07/Ship-of-Magic-Liveship-Traders-1-by-Robin-Hobb.pdf
    • http://muicuiu.dumb1.com/3a01a03a07a00/Fool-