Malicious PDF — malware analysis report

Static analysis result for SHA-256 467dea577fa9c9d1…

MALICIOUS

PDF

Size: 14.7 KB
Created: 2019-05-01 05:14:29 +01:00
Authoring application: mPDF 5.7
MD5: d677f498b54fc47267cc41c0ad504ffa
SHA-1: fa24211897aabe91ce4338636b4a785363d17170
SHA-256: 467dea577fa9c9d1db0fc437e25134efc2bf4fd34b9e25ac589fcec9aa34bd0f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the specific URLs appear to point to book titles, the sheer volume and the ML classifier's high confidence score suggest malicious intent, possibly SEO poisoning or distribution of further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.