Malicious PDF — malware analysis report

Static analysis result for SHA-256 266a198aa88dc354…

MALICIOUS

PDF

Size: 16.5 KB
Created: 2020-03-12 02:12:39 +00:00
Authoring application: mPDF 5.7
MD5: 0755221320c70fa4906b3c787a7c0622
SHA-1: a3bf2a1d46af8e8349c7cfe5fb9dc017ed52345b
SHA-256: 266a198aa88dc35451f85c520a7325ab84ad06f9244b4c2f406362ebc50cac27
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to book titles on the domain 'ieuicufioao.myhome.cx'. This pattern is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier strongly supports the malicious verdict. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.