Malicious PDF — malware analysis report

Static analysis result for SHA-256 3336365cd2a7d056…

MALICIOUS

PDF

13.8 KB
Created: 2019-04-30 04:43:22 +01:00
Authoring application: mPDF 5.7
MD5: a892658a6103e89df8c171522558c4ad
SHA-1: 9d2977acc6668a00e0d6348ac19d3297c666083b
SHA-256: 3336365cd2a7d0561dab1004c482b7d522615aac85e4547f58afb4700aa2a57f
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents hosted on the domain 'xiixmcuin.linkpc.net'. This behavior is indicative of a link farm or a redirection scheme designed to lead users to potentially malicious content. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.