Malicious PDF — malware analysis report

Static analysis result for SHA-256 2741a9b2d172fd94…

MALICIOUS

PDF

12.4 KB Created: 2020-03-13 20:19:57 +00:00 Authoring application: mPDF 5.7
MD5: dc39eed676ba191bc07adba6607de17c SHA-1: 35c5bcdb2209eae5d10707535dd05ffdc80f7f2b SHA-256: 2741a9b2d172fd9430af5968088fe206b4da46ecf60d6f3f935b82ba0e835c43
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, hosted on the domain kitasdyu.myhome.cx. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://kitasdyu.myhome.cx/5878873876871877/Masque-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/9874870871870874/Runaways-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/3873873875878873/The-Stable-Boy-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/2870871878878879/The-Broken-Forest-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/3878872875879874/The-Menagerie-Lynx-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/4873878873870879/Burning-Bright-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/6878873872873874/The-Shining-Knight-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/2878876873871878/Tournament-of-Losers-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/2879879871872877/Fairytales-Slashed-3-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/4875879878873873/Delivery-With-A-Smile-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/3878872875879878/Fairytales-Slashed-2-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/3872871879876878/The-Dragon-s-Tamer-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/4873878873871870/Treasure-The-Lost-Gods-1-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/4872872876878874/Two-for-the-Show-Missing-Butterfly-4-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/1877873873874879/The-Bastard-Prince-Kria-3-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/2877877877871879/Ruffskin-Dance-with-the-Devil-2-5-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/4872872878878874/The-Missing-Butterfly-Lovesongs-1-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/2870871874872873/Sandstorm-Tales-of-Tavamara-2-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/2875877871873870/Backwoods-Asylum-Lost-Shifters-1-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/3871875878876870/Burning-Bright-The-Lost-Gods-2-by-Megan-Derr.pdf
    • http://kitasdyu.myhome.cx/4873878873871870/Treasure-The-Lost-Gods-1-b

Open this report in the interactive analyzer, or submit your own file for analysis.