Malicious PDF — malware analysis report

Static analysis result for SHA-256 48d3b9e8786b30ca…

Verdict: MALICIOUS
File type: PDF
Size: 14.6 KB
Created: 2019-05-05 16:02:24 +01:00
Authoring application: mPDF 5.7
MD5: 4a90c8f2deb83a83ca64b968023f891e
SHA-1: aaa1c0b19b0e053a38b4bd61d55e0eb1b0a50e69
SHA-256: 48d3b9e8786b30ca3f2bd329d810312939bf807d7774b25e70ae9fa0b5cf9b1c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs, forming a link farm. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the structure and embedded URLs suggest a social engineering attempt to direct users to potentially malicious content. The primary attack pattern observed is the creation of a link farm to distribute traffic across numerous external resources.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9798

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://muicuiu.dumb1.com/1a01a05a03a08a03a04/Pong-Choolie-You-Rascal-by-Lucy-Herndon-Crockett.pdf
    • http://muicuiu.dumb1.com/8a00a02a07a00a07/Rascal-at-the-Show-Rascal-the-Dragon-5-by-Paul-Jennings.pdf
    • http://muicuiu.dumb1.com/8a00a02a08a01a01/Rascal-Runs-Away-Rascal-the-Dragon-14-by-Paul-Jennings.pdf
    • http://muicuiu.dumb1.com/8a00a02a09a00a01/A-Home-for-Rascal-New-Tricks-for-Rascal-by-Holly-Webb.pdf
    • http://muicuiu.dumb1.com/8a00a02a07a09a06/Rascal-and-the-Bad-Smell-Rascal-the-Dragon-16-by-Paul-Jennings.pdf
    • http://muicuiu.dumb1.com/8a00a02a07a06a00/Rascal-and-the-Dragon-Droppings-Rascal-the-Dragon-11-by-Paul-Jennings.pdf
    • http://muicuiu.dumb1.com/2a05a09a08a03a04/Rascal-The-Dragon-Rascal-the-Dragon-1-by-Paul-Jennings.pdf
    • http://muicuiu.dumb1.com/3a09a01a09a07a02/The-Way-It-Spozed-to-Be-by-James-Herndon.pdf
    • http://muicuiu.dumb1.com/1a04a05a07a04a03/Dancing-on-Daisies-by-Cate-Herndon.pdf
    • http://muicuiu.dumb1.com/1a07a09a09a03a05/Dream-Boy-by-Mary-Crockett.pdf
    • http://muicuiu.dumb1.com/1a02a08a08a05a05/The-Dark-Man-by-Stephen-E-Crockett.pdf
    • http://muicuiu.dumb1.com/3a03a00a02a07a00/Crockett-of-Tennessee-by-Cameron-Judd.pdf
    • http://muicuiu.dumb1.com/9a02a07a08/How-She-Died-How-I-Lived-by-Mary-Crockett.pdf
    • http://muicuiu.dumb1.com/7a01a02a05a01/Do-Not-Assume-by-Elaine-Williams-Crockett.pdf
    • http://muicuiu.dumb1.com/1a00a01a03a02a02/Black-Tar-For-the-Love-of-Heroin-by-Stephen-E-Crockett.pdf
    • http://muicuiu.dumb1.com/3a07a01a03a00a08/Colonel-Crockett-s-Co-operative-Christmas-by-Rupert-Hughes.pdf
    • http://muicuiu.dumb1.com/1a01a05a03a07a00a09/Ping-and-Pong-Are-Best-Friends-by-Tim-Hopgood.pdf
    • http://muicuiu.dumb1.com/2a09a06a00a05a01/Ping-Pong-by-Arthur-Adamov.pdf
    • http://muicuiu.dumb1.com/1a01a05a03a08a02a04/Paper-Pong-by-Richard-Moore.pdf
    • http://muicuiu.dumb1.com/1a01a05a03a07a00a04/The-Wrong-Pong-by-Steven-Butler.pdf
    • http://muicuiu.dumb1.com/3a03a00a02a07a00/Crockett-of-Tenness