Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a90f3dc7d9062b1…

MALICIOUS

PDF

Size: 15.1 KB
Created: 2019-05-02 01:30:09 +01:00
Authoring application: mPDF 5.7
MD5: ce6bef2743fc2e0786cdbb10beed9ccd
SHA-1: bea8427e0ae54f5fa50c11b7a2897f8231304782
SHA-256: 3a90f3dc7d9062b18c048c904983f465d051372ce9d973a35e139ba2615e592c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded links to external URLs, a technique often used for SEO manipulation or to redirect users to malicious content. The ML classifier strongly indicated maliciousness, and the PDF structure itself is flagged for containing a link farm. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.