Malicious PDF — malware analysis report

Static analysis result for SHA-256 2ddbf063a3abd5c9…

MALICIOUS

PDF

16.2 KB Created: 2019-04-29 22:46:04 +01:00 Authoring application: mPDF 5.7
MD5: 94a18c14f3319ee99ad51be6b3900b42 SHA-1: d921d559594d2fb62785666d7cfbcfc022a872ff SHA-256: 2ddbf063a3abd5c96c6471f1f11e52d7c6accfed73421c1045c5086192520bee
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier strongly indicated maliciousness. While no scripts were extracted, the PDF structure and link farm heuristic suggest a delivery mechanism for further compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1.com/3a04a07a08a09a00/The-Collected-Stories-of-Philip-K-Dick-1-The-Short-Happy-Life-of-the-Brown-Oxford-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a00a05a00a02a07/The-Collected-Stories-of-Philip-K-Dick-1-The-Short-Happy-Life-of-the-Brown-Oxford-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a05a04a09a02a00/The-Collected-Works-of-Philip-K-Dick-11-Science-Fiction-Stories-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a03a08a07a05a05/The-Collected-Stories-of-Philip-K-Dick-2-We-Can-Remember-it-for-You-Wholesale-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/2a04a00a03a04a01/Minority-Report-Volume-Four-Of-The-Collected-Stories-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/4a05a04a00a02a04/Human-Is-A-Philip-K-Dick-Reader-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a03a08a09a01a09/Lies-Inc-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a01a03a07a00a09a08/The-Defenders-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/4a07a02a06a06a04/Roog-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/2a05a05a07a04a09/Paycheck-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/3a07a07a02a08a05/Time-Out-of-Joint-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/5a00a02a05a02a09/Of-Withered-Apples-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a00a01a00a03a02a05/Ubik-The-Screenplay-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a07a02a00a03a02/We-Can-Remember-It-for-You-Wholesale-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a07a05a01a06a02/Our-Friends-from-Frolix-8-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/1a05a04a07a07a06/The-Cosmic-Puppets-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/2a05a03a09a01a09/Vulcan-s-Hammer-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/3a08a05a08a06a09/Deus-Irae-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/3a09a08a01a08a09/Now-Wait-For-Last-Year-by-Philip-K-Dick.pdf
    • http://muicuiu.dumb1.com/6a08a09a05a02a07/The-Mold-of-Yancy-by-Philip-K-Dick.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.