Malicious PDF — malware analysis report

Static analysis result for SHA-256 4f50b7b543cd9199…

MALICIOUS

PDF

16.3 KB Created: 2019-04-30 04:54:39 +01:00 Authoring application: mPDF 5.7
MD5: e44e164e214e1ab29796d41268927a7e SHA-1: 6f2053bb3e8ec131f6219512cdc5bf0b9cf8bb8d SHA-256: 4f50b7b543cd91990f73c8e1ec9b938b1f281f44252c05557ec3f0f3357f650e
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a link farm. While the document body is heavily corrupted, the presence of numerous links suggests a social engineering tactic to direct users to external sites. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9811

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1.com/3a02a09a07a01a09/The-Tycoon-s-Misunderstood-Bride-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/4a08a03a05a03a06/The-Sheik-s-Virgin-Lover-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/1a04a08a02a03a09/His-Secretive-Lover-The-Thorpe-Brothers-3-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/1a04a08a02a06a03/His-Challenging-Lover-The-Thorpe-Brothers-4-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/9a09a02a06a08a05/The-Russian-s-Tender-Lover-The-Sisterhood-3-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/1a07a04a06a04a03/The-Tycoon-s-Defiant-Southern-Belle-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/1a07a04a08a06a06/Falling-For-The-Boss-The-Attracelli-Family-2-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/1a07a04a06a07a07/Intimate-Desires-The-Love-and-Danger-Series-1-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/2a02a09a09a03a05/The-Greek-s-Forgotten-Wife-The-Boarding-School-Series-1-by-Elizabeth-Lennox.pdf
    • http://muicuiu.dumb1.com/2a03a07a02a05a01/We-Band-of-Angels-The-Untold-Story-of-American-Nurses-Trapped-on-Bataan-by-the-Japanese-by-Elizabeth-M-Norman.pdf
    • http://muicuiu.dumb1.com/2a09a04a01a03a01/Lennox-Lennox-1-by-Craig-Russell.pdf
    • http://muicuiu.dumb1.com/4a06a06a05a03a00/Trapped-by-Scandal-Trapped-2-by-Jane-Feather.pdf
    • http://muicuiu.dumb1.com/2a09a00a04a01a04/Trapped-Trapped-1-by-Beverley-Kendall.pdf
    • http://muicuiu.dumb1.com/2a08a01a01a01a05/To-Desire-a-Devil-Legend-of-the-Four-Soldiers-4-by-Elizabeth-Hoyt.pdf
    • http://muicuiu.dumb1.com/2a08a09a05a08a02/To-Desire-a-Devil-Legend-of-the-Four-Soldiers-4-by-Elizabeth-Hoyt.pdf
    • http://muicuiu.dumb1.com/1a01a06a05a09/The-Danger-of-Desire-Dartmouth-Brides-3-by-Elizabeth-Essex.pdf
    • http://muicuiu.dumb1.com/8a05a04a09a00a01/Forbidden-Desire-Rusty-Quirke-2-by-Elizabeth-Nelson.pdf
    • http://muicuiu.dumb1.com/3a06a07a07a02a04/Desire-for-Three-Winning-Back-Jesse-More-Desire-Oklahoma-1-by-Leah-Brooke.pdf
    • http://muicuiu.dumb1.com/4a01a01a05a09a05/Blade-s-Desire-Desire-Oklahoma-2-by-Leah-Brooke.pdf
    • http://muicuiu.dumb1.com/2a05a01a07a02a02/Rules-Of-Desire-Desire-Oklahoma-4-by-Leah-Brooke.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.