Malicious PDF — malware analysis report

Static analysis result for SHA-256 266f4457813ac9e5…

MALICIOUS

PDF

File size: 16.8 KB
Created: 2019-05-07 08:17:10 +01:00
Authoring application: mPDF 5.7
MD5: 553ad2ac7ae61191ca99d1451652a041
SHA-1: afcf9fcfaba610d09c110a1ad4156b5534f5038a
SHA-256: 266f4457813ac9e55ce14d1571805bdfb71888bb98e8dcc312b113d14f9df5ca
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'muicuiu.dumb1.com'. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier strongly supports the malicious verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.