Malicious PDF — malware analysis report

Static analysis result for SHA-256 443b9952edc1cb6a…

MALICIOUS

PDF

Size: 28.7 KB
Created: 2019-04-30 20:13:46 +01:00
Authoring application: mPDF 5.7
MD5: 591cf118f8ef169f3a321b528c6b8d2c
SHA-1: 098c584bb0beda717a45f338ed52f20ab86ad595
SHA-256: 443b9952edc1cb6aeaa32937f73c976aa432cb774e828486217df9a510d9aa4d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded URLs, as indicated by the PDF_SEO_LINK_FARM heuristic. While many of these URLs are marked as benign, the sheer volume and the nature of the heuristic suggest a link farm or redirection scheme. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. No scripts were extracted from this sample, and the document body was heavily obfuscated, preventing a deeper analysis of its specific intent beyond linking out.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9908

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.