Malicious PDF — malware analysis report

Static analysis result for SHA-256 374900979589d528…

MALICIOUS

PDF

Size: 13.0 KB
Created: 2019-05-02 08:52:31 +01:00
Authoring application: mPDF 5.7
MD5: a84add15c843e1b2a9c4cce6d674bb12
SHA-1: d95199b49ae102d694481976718a03ef27c5b46e
SHA-256: 374900979589d528f981dec1ac17edcef8450f3e8b3f90f67fd3e23b8e67c73c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While many of these links were confirmed benign, the sheer volume and the nature of the heuristic suggest malicious intent, possibly SEO manipulation or a lure for further malicious activity. The ML classifier also flagged the document as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.