Malicious PDF — malware analysis report

Static analysis result for SHA-256 2cefe029643ae448…

MALICIOUS

File type: PDF
Size: 13.0 KB
Created: 2020-03-18 20:30:58 +00:00
Authoring application: mPDF 5.7
MD5: b41b0db8da6216b93f76dcef40906106
SHA-1: cefa7eea807eeba02436bca4d61b5eff02ed2924
SHA-256: 2cefe029643ae4480f1f45edc9407909681f90b3f5abb15c76bd477b3bb7c586
Risk score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded link annotations pointing to external PDFs hosted on the domain 'calistazz.myhome.cx'. The repeated book-title file names and numeric path segments match a generated SEO link farm, or a lure that routes the reader into further downloads, rather than a normal citation pattern. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample, so the T1059.001 (PowerShell) mapping above is not corroborated by any code observed in this static analysis; the link targets and the hosting domain are the actionable indicators.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels state which channel (macro, JS, link annotation, document body, ...) reached each URL. Those labels are not reproduced in the listing below; the link-farm heuristic above reflects the clickable link-annotation channel, and no script channel was observed for this sample.
    • http://calistazz.myhome.cx/4869860866865860/Amitav-Ghosh-s-The-Shadow-Lines-by-Novy-Kapadia.pdf
    • http://calistazz.myhome.cx/4860869867866867/Countdown-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/2863860861860864/Sea-of-Poppies-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/2864860864861868/Sea-of-Poppies-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/1869867864862861/The-Hungry-Tide-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/1860861862865863/River-of-Smoke-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/2860865862869864/The-Glass-Palace-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/3863869868861863/The-Hungry-Tide-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/7864865864861/The-Glass-Palace-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/1868864861864861/The-Glass-Palace-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/9864865/Flood-of-Fire-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/1868862868866862/Sea-of-Poppies-Ibis-Trilogy-1-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/3865868866867/Sea-of-Poppies-Ibis-Trilogy-1-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/3863869868860862/River-of-Smoke-Ibis-Trilogy-2-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/2862861860864862/River-of-Smoke-Ibis-Trilogy-2-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/3864861863865861/The-Great-Derangement-Climate-Change-and-the-Unthinkable-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/7865863861869/River-of-Smoke-Ibis-Trilogy-Book-2-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/3863869861861861/The-Calcutta-Chromosome-A-Novel-of-Fevers-Delirium-amp-Discovery-by-Amitav-Ghosh.pdf
    • http://calistazz.myhome.cx/2862866865860866/Mind-Lines-Lines-for-Changing-Minds-by-L-Michael-Hall.pdf
    • http://calistazz.myhome.cx/7865863867866/White-Lines-White-Lines-1-by-Tracy-Brown.pdf
    • http://calistazz.myhome.cx/3863869868860862/River-of-Smo