Malicious PDF — malware analysis report

Static analysis result for SHA-256 2d8eea99a023f990…

MALICIOUS

PDF

14.3 KB
Created: 2019-05-07 04:21:03 +01:00
Authoring application: mPDF 5.7
MD5: 1836ba27ff0d50085af42e1aa80393b7
SHA-1: 33096fd8e6abcda8b85dd725d542a07f184f5c05
SHA-256: 2d8eea99a023f990018d415256f9eab600ce1885f81afc961f2f63802f618ab2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently classified as benign, the sheer volume and the ML classifier's high confidence score suggest malicious intent, likely SEO manipulation or redirecting users to malicious sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.