Malicious PDF — malware analysis report

Static analysis result for SHA-256 449674c82b7b33ea…

MALICIOUS

PDF

File size: 14.0 KB
Created: 2019-05-02 05:11:34 +01:00
Authoring application: mPDF 5.7
MD5: a8ef02790ffb8036b7473a1fcdfc3a6e
SHA-1: 6b58abf1146bb2b8afe9b32a7e4576a7b7baec17
SHA-256: 449674c82b7b33eaaa1851fe56deecee346b783c50155afc088a4ee749f78e15
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, flagged by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume of links and the ML classifier's high confidence score suggest malicious intent, likely SEO manipulation or use as a distribution point for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.