Malicious PDF — malware analysis report

Static analysis result for SHA-256 55357aeaf829c7c5…

MALICIOUS

PDF

Size: 16.7 KB
Created: 2020-02-14 19:25:39 +00:00
Authoring application: mPDF 5.7
MD5: 7584e945b2f2a1415ac7987f1f242277
SHA-1: d23d640bce0ccb95615227e54cb9838511cd0a2e
SHA-256: 55357aeaf829c7c5e1004c491899b8bb32d2d0942de2e5c0914ceb63cc0c25df
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links pointing to external PDF files hosted on the domain easckaolp.myhome.cx. This pattern is indicative of a link farm or a lure to download further malicious content. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.