Malicious PDF — malware analysis report

Static analysis result for SHA-256 2e3ceab1fc5f6bad…

MALICIOUS

PDF

17.6 KB Created: 2019-04-30 02:38:19 +01:00 Authoring application: mPDF 5.7
MD5: bb28d7442f6d2e65e806e8b18ac3159e SHA-1: 3789ffedd24926e62a23104e33b782fb3bd658df SHA-256: 2e3ceab1fc5f6badd007a6b13739a2f8c5df7429488e3ea4f5405e618cf1bd05
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily corrupted, the presence of these links suggests a tactic to drive traffic to potentially malicious or SEO-manipulated content. The ML classifier also strongly flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1.com/1a00a07a07a08a02a04/Dubious-Deeds-The-Further-Adventures-of-Eddie-Dickens-1-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a08a02a06/Horrendous-Habits-The-Further-Adventures-of-Eddie-Dickens-2-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/3a09a02a04a02/Awful-End-Eddie-Dickens-Trilogy-1-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a08a02a05/Philip-Ardagh-s-Book-Of-Howlers-Blunders-And-Random-Mistakery-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a09a03a04/The-Grunts-All-at-Sea-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a09a09a09/Ancient-Egypt-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a09a09a08/Knights-And-Castles-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a08a00a03a07/Your-Body-Boogers-and-All-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a09a08a02/The-Truth-About-Christmas-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a09a08a06/Far-From-Great-Escape-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a08a00a04a00/Ancient-Greece-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a08a01a02a02/Wow-Events-That-Changed-the-World-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a08a03a02/The-Moomins-The-World-of-Moominvalley-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/5a02a09a02a05a01/Heir-of-Mystery-Unlikely-Exploits-2-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a08a01a02a00/William-the-Conqueror-Get-a-Life-1-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a07a09a04a04/Trick-Eggs-and-Rubber-Chickens-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a08a00a02a09/The-Truth-about-Fairies-Elves-Gnomes-Goblins-amp-the-Little-People-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a08a01a01a06/Did-Dinosaurs-Really-Snore-100-and-a-half-Dinosaur-Questions-Answered-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a08a01a02a07/The-Life-of-Major-General-Sir-John-Ardagh-by-Lady-Susan-Countess-of-Malmsbury-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a07a08a00a04a01/Why-are-Castles-Castle-Shaped-100-1-2-Questions-about-Castles-Answered-by-Philip-Ardagh.pdf
    • http://muicuiu.dumb1.com/1a00a

Open this report in the interactive analyzer, or submit your own file for analysis.