Malicious PDF — malware analysis report

Static analysis result for SHA-256 4804a0df7f1dcb90…

Verdict: MALICIOUS

File type: PDF

Size: 15.1 KB
Created: 2019-04-30 05:15:29 +01:00
Authoring application: mPDF 5.7

MD5: 037700aac06a5425a4269070d9b39240
SHA-1: 1ee8f139dae713e6f29d54e733340048f0118c6d
SHA-256: 4804a0df7f1dcb906a36678aa211f7c9004de936f48e4854b9fea714c47df3b6

Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDFs, a pattern commonly used for SEO manipulation or to distribute malicious content. The ML classifier scored the file as strongly malicious. Although no scripts were extracted, the PDF structure and the link-farm heuristic indicate a delivery mechanism for potentially harmful content hosted at the listed URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://muicuiu.dumb1.com/1a03a00a04a01a04/Maximum-Violence-Arisen-4-by-Glynn-James.pdf
    • http://muicuiu.dumb1.com/4a08a02a07a00a03/Fortress-Britain-Arisen-1-by-Glynn-James.pdf
    • http://muicuiu.dumb1.com/4a05a02a07a01a04/Space-Place-and-Violence-Violence-and-the-Embodied-Geographies-of-Race-Sex-and-Gender-by-James-Tyner.pdf
    • http://muicuiu.dumb1.com/2a00a03a06a01a01/Maximum-Ride-Vol-5-Maximum-Ride-The-Manga-5-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/1a08a00a02a08a08/Maximum-Ride-Vol-8-Maximum-Ride-The-Manga-8-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/4a04a01a03a04/Maximum-Ride-Vol-2-Maximum-Ride-The-Manga-2-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/1a02a04a08a04a09/Maximum-Ride-Vol-7-Maximum-Ride-The-Manga-7-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/1a01a05a03a01a07/The-Journal-of-James-Halldon-Diary-of-the-Displaced-1-by-Glynn-James.pdf
    • http://muicuiu.dumb1.com/1a02a08a00a09a01/The-Last-to-Fall-by-Glynn-James.pdf
    • http://muicuiu.dumb1.com/1a02a06a04a03a08/At-Last-Goodbye-by-Glynn-James.pdf
    • http://muicuiu.dumb1.com/2a09a00a00a03a01/Diary-of-the-Displaced---Part-2-by-Glynn-James.pdf
    • http://muicuiu.dumb1.com/1a02a06a09a03a01/The-Ways-Diary-of-the-Displaced-3-by-Glynn-James.pdf
    • http://muicuiu.dumb1.com/5a08a08a03a06a05/Maximum-Ride-The-Manga-Vol-1-Maximum-Ride-The-Manga-1-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/5a08a08a04a07a00/Maximum-Ride-The-Manga-Vol-2-Maximum-Ride-The-Manga-2-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/1a02a02a06a01a09/Chasing-Spirits---The-Memoirs-of-Reginald-Weldon-by-Glynn-James.pdf
    • http://muicuiu.dumb1.com/3a09a01a02a08a05/Max-Maximum-Ride-5-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/3a03a04a07a03/Angel-Maximum-Ride-7-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/3a03a08a02a07/Nevermore-Maximum-Ride-8-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/3a07a01a02a03a05/The-Angel-Experiment-Maximum-Ride-1-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/5a08a02a04a03/The-Angel-Experiment-Maximum-Ride-1-by-James-Patterson.pdf
    • http://muicuiu.dumb1.com/1a02a06a04a03a08/At-Last-Goodbye-by-Glynn-James.p