Malicious PDF — malware analysis report

Static analysis result for SHA-256 3cc25c98b181dfee…

MALICIOUS

PDF

Size: 15.3 KB
Created: 2020-03-18 22:36:27 +00:00
Authoring application: mPDF 5.7

MD5: 2b76ac2c76a0400753a2e55663d87b5a
SHA-1: 53f4431a952326c9efc110118f00f170dce67234
SHA-256: 3cc25c98b181dfee45179dc41e1dd4ad44a9ccb9050090770346594de15dddf1

Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Link
  • T1204.002 User Execution: Malicious File

The PDF contains an unusually large number of embedded link annotations, flagged by the PDF_SEO_LINK_FARM heuristic. The links point to further PDF files hosted on a single domain (ewasocmo.myhome.cx), which is the pattern of a generated SEO/link-farm carrier that routes users into follow-on downloads rather than a genuine document that cites sources. The ML classifier independently rated the sample malicious with high confidence (0.92). No scripts or other active content were extracted from this sample, so the risk lies in where the links lead, not in code that runs when the file is opened.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9200

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ewasocmo.myhome.cx/1c35c38c30c31c31/Racing-the-Devil-Inspector-Ian-Rutledge-19-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/3c31c34c31c36/Hunting-Shadows-Inspector-Ian-Rutledge-16-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/1c35c32c35c32c34/A-Long-Shadow-Inspector-Ian-Rutledge-8-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/1c34c39c38c35c33/A-False-Mirror-Inspector-Ian-Rutledge-9-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/1c37c31c30c30/A-Test-of-Wills-Inspector-Ian-Rutledge-1-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/2c37c30c39c34/Legacy-of-the-Dead-Inspector-Ian-Rutledge-4-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/1c33c35c30c35c32/Wings-of-Fire-Inspector-Ian-Rutledge-2-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/2c33c31c33c30c31/A-Matter-of-Justice-Inspector-Ian-Rutledge-11-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/1c35c32c36c39c35/Search-the-Dark-Inspector-Ian-Rutledge-3-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/3c37c31c32c37c39/A-Fearsome-Doubt-Inspector-Ian-Rutledge-6-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/1c35c32c37c31c38/Watchers-of-Time-Inspector-Ian-Rutledge-5-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/1c30c32c36c39c38c33/Dunkle-Spuren-Ein-Inspektor-Rutledge-Roman-by-Charles-Todd.pdf
    • http://ewasocmo.myhome.cx/4c36c37c37c35c32/Racing-Dragons-by-Todd-A-Burnett.pdf
    • http://ewasocmo.myhome.cx/4c34c35c35/Rather-Be-the-Devil-Inspector-Rebus-21-by-Ian-Rankin.pdf
    • http://ewasocmo.myhome.cx/3c30c36c35c39c32/Halloween-Jack-and-the-Devil-s-Gate-by-M-Todd-Gallowglas.pdf
    • http://ewasocmo.myhome.cx/3c30c33c35c31c39/The-Glass-Devil-Inspector-Huss-4-by-Helene-Tursten.pdf
    • http://ewasocmo.myhome.cx/1c31c38c37c36c37c38/Race---Canard-Air-Racing---Color-Edition-A-History-of-Racing-Burt-Rutan-Inspired-Designs-1983-2005-by-John-G-Lambert.pdf
    • http://ewasocmo.myhome.cx/2c37c33c33c31c34/Racing-To-You-Racing-Love-1-by-Robin-Lovett.pdf
    • http://ewasocmo.myhome.cx/4c38c35c32c37c32/Devil-s-Kitchen-An-Inspector-Drake-Prequel-Novella-by-Stephen-Puleston.pdf
    • http://ewasocmo.myhome.cx/4c32c37c36c39c39/The-Devil-in-Montmartre-A-Mystery-in-Fin-de-Si-cle-Paris-Inspector-Lefebvre-1-by-Gary-Inbinder.pdf
    • http://ewasocmo.myhome.cx/1c35c32c36c39c35/Search-the-Dark-In
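As an added example, not code from the report's detection engine (whose parser and thresholds are not published), the Python below reimplements the PDF_SEO_LINK_FARM rule described in the Heuristics section together with the per-URL channel labelling that the EMBEDDED_URL entry refers to. It pulls /URI link-annotation targets out of raw PDF bytes (inflating FlateDecode streams first so annotations packed into object streams are seen), clusters the targets by host, and applies size, link-count and host-share thresholds that are assumptions chosen here. The carrier PDF it scans is a constructed fixture loaded with ten of the link targets listed above; the benign contrast document is also constructed.

```python
"""Toy PDF link-farm scorer (added example; not the report's detection engine)."""
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# Thresholds are assumptions chosen for this example; the report does not publish its own.
MAX_SIZE_BYTES = 64 * 1024   # what counts as a "small" PDF
MIN_PDF_LINKS = 10           # "many" clickable links to external .pdf files
MIN_HOST_SHARE = 0.8         # "mostly clustered on one host"

# /URI (literal string) from a link-annotation action; tolerates \( \) \\ escapes.
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)", re.DOTALL)
JS_RE = re.compile(rb"/S\s*/JavaScript\b|/JS\s*[(<\d]")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def inflate_streams(pdf_bytes: bytes) -> bytes:
    """Append the inflated body of every FlateDecode stream so annotations
    packed into object streams are visible to the regex scan."""
    out = [pdf_bytes]
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-encoded (or damaged); other filters are out of scope here
    return b"\n".join(out)


def extract_link_uris(scan: bytes) -> list[str]:
    """Return every /URI action target, with PDF literal-string escapes undone."""
    uris = []
    for m in URI_RE.finditer(scan):
        raw = m.group(1).replace(rb"\(", b"(").replace(rb"\)", b")").replace(rb"\\", b"\\")
        uris.append(raw.decode("latin-1"))
    return uris


def link_farm_verdict(pdf_bytes: bytes) -> dict:
    """Apply a PDF_SEO_LINK_FARM-style rule and return the evidence behind it."""
    scan = inflate_streams(pdf_bytes)
    uris = extract_link_uris(scan)
    hosts = Counter(urlsplit(u).hostname or "" for u in uris)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(uris) if uris else 0.0
    pdf_links = sum(1 for u in uris if urlsplit(u).path.lower().endswith(".pdf"))
    hit = (len(pdf_bytes) <= MAX_SIZE_BYTES
           and pdf_links >= MIN_PDF_LINKS
           and share >= MIN_HOST_SHARE)
    return {
        "hit": hit, "size": len(pdf_bytes), "links": len(uris), "pdf_links": pdf_links,
        "top_host": top_host, "top_host_share": round(share, 2),
        "has_javascript": bool(JS_RE.search(scan)),
        # per-URL channel label, as the report's EMBEDDED_URL entry describes
        "urls": [(u, "link annotation") for u in uris],
    }


def build_fixture_pdf(urls: list[str]) -> bytes:
    """Constructed fixture: one page whose /Annots are link annotations with /URI
    actions. No xref table is written, so it is input for the scanner, not a viewer."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>"]
    refs = b" ".join(b"%d 0 R" % (4 + i) for i in range(len(urls)))
    objs.append(b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 595 842] /Annots [" + refs + b"] >>")
    for i, u in enumerate(urls):
        lit = u.encode("latin-1").replace(b"\\", b"\\\\").replace(b"(", b"\\(").replace(b")", b"\\)")
        y = 800 - 12 * i
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [40 %d 500 %d] "
                    b"/A << /Type /Action /S /URI /URI (%s) >> >>" % (y, y + 10, lit))
    body = b"%PDF-1.4\n" + b"".join(b"%d 0 obj\n%s\nendobj\n" % (n, o) for n, o in enumerate(objs, 1))
    return body + b"trailer\n<< /Root 1 0 R /Size %d >>\n%%%%EOF\n" % (len(objs) + 1)


# Ten of the link targets listed in the report above, placed in a constructed carrier.
FARM_URLS = [
    "http://ewasocmo.myhome.cx/1c35c38c30c31c31/Racing-the-Devil-Inspector-Ian-Rutledge-19-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/3c31c34c31c36/Hunting-Shadows-Inspector-Ian-Rutledge-16-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/1c35c32c35c32c34/A-Long-Shadow-Inspector-Ian-Rutledge-8-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/1c34c39c38c35c33/A-False-Mirror-Inspector-Ian-Rutledge-9-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/1c37c31c30c30/A-Test-of-Wills-Inspector-Ian-Rutledge-1-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/2c37c30c39c34/Legacy-of-the-Dead-Inspector-Ian-Rutledge-4-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/1c33c35c30c35c32/Wings-of-Fire-Inspector-Ian-Rutledge-2-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/2c33c31c33c30c31/A-Matter-of-Justice-Inspector-Ian-Rutledge-11-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/1c35c32c36c39c35/Search-the-Dark-Inspector-Ian-Rutledge-3-by-Charles-Todd.pdf",
    "http://ewasocmo.myhome.cx/3c37c31c32c37c39/A-Fearsome-Doubt-Inspector-Ian-Rutledge-6-by-Charles-Todd.pdf",
]
FARM_PDF = build_fixture_pdf(FARM_URLS)
# Contrast case (constructed): two citations on different hosts, only one of them a PDF.
BENIGN_PDF = build_fixture_pdf(["https://example.com/paper.pdf", "https://example.org/"])

if __name__ == "__main__":
    for name, doc in (("farm", FARM_PDF), ("benign", BENIGN_PDF)):
        v = link_farm_verdict(doc)
        print(f'{name}: {"HIT" if v["hit"] else "clean"}, {v["links"]} links, '
              f'{v["top_host_share"]:.0%} on {v["top_host"]!r}, JS: {v["has_javascript"]}')
```

The regex scan is deliberately shallow: it will not see URIs in encrypted documents, in streams using filters other than FlateDecode, or written as hex strings (`<...>`) rather than literal strings, and it only labels the one channel it parses (link annotations). For triage of real samples, run a proper PDF object parser over the file and keep the host-clustering and size logic above as the scoring layer on top of whatever URLs it yields. Note that this covers only the heuristic side of the verdict; the report's ML score comes from a separate classifier.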