Malicious PDF — malware analysis report

Static analysis result for SHA-256 446c8ccf3dbc04b7…

MALICIOUS

PDF

File size: 14.3 KB
Created: 2019-05-05 16:25:23 +01:00
Authoring application: mPDF 5.7
MD5: 296c1c157d611a210a32862977ae9e6a
SHA-1: 7501219a9c7798bb337a99b11b6d3ffec4b7e7bf
SHA-256: 446c8ccf3dbc04b7228f65207bb4c9f325cd60d6b55388fdf4222c2c2cba7395
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, indicating a link farm. The ML classifier also strongly indicated maliciousness. While no scripts were extracted, the presence of numerous links to external PDFs suggests a phishing or spam distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9200

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.