Malicious PDF — malware analysis report

Static analysis result for SHA-256 5269ac7cbc1e493b…

MALICIOUS

PDF

Size: 15.8 KB
Created: 2019-04-30 02:50:28 +01:00
Authoring application: mPDF 5.7
MD5: 0a95c233d7bbc919ba994c69b6dbcd37
SHA-1: d234eea9da2780eb705594ad3ab03cf1ce7dc3f0
SHA-256: 5269ac7cbc1e493bbc530995ae197979973721fd93213fd6704fcd36099f2e2c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1190 Exploit Public-Facing Application

The PDF file was flagged as malicious by a machine learning classifier. Static analysis revealed a large number of embedded URLs, forming a link farm. These links, while individually classified as benign, collectively suggest malicious intent, possibly SEO manipulation or use as a distribution vector for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.