Malicious PDF — malware analysis report

Static analysis result for SHA-256 40ada8f133936324…

MALICIOUS

PDF

Size: 13.0 KB
Created: 2020-03-19 03:41:34 +00:00
Authoring application: mPDF 5.7
MD5: da5b63a8eecd2acfe47bbaa1ed69e8d4
SHA-1: 2c95848e6a81fbadf5fd207826ace31006b4feef
SHA-256: 40ada8f133936324e9dde56edfd5ff73e03703ee7a3a4fc39940211f3968982f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or distribution mechanism. The ML classifier also flagged this PDF as malicious. The document body, though heavily obfuscated, contains numerous URLs pointing to external PDF files, indicating a potential phishing or malware distribution attempt. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.