Malicious PDF — malware analysis report

Static analysis result for SHA-256 2b301680667da984…

MALICIOUS

PDF

Size: 16.9 KB
Created: 2020-03-12 00:29:00 +00:00
Authoring application: mPDF 5.7
MD5: 8e890d6a8a03095f9ba20e302fe4f083
SHA-1: 3351dca5381e74f1324e2c20304f38089375b8b2
SHA-256: 2b301680667da984d489fcfb0c20395ee97ec5f8c8097a47949843d69d51af45
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents, all hosted on the domain 'easckaolp.myhome.cx'. This indicates a link farm or redirection scheme designed to drive traffic to potentially malicious content. The heuristic 'PDF_SEO_LINK_FARM' strongly suggests this malicious intent. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.