Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f159350e9dcf876…

MALICIOUS

PDF

Size: 34.2 KB
Created: 2020-03-18 21:57:30 +00:00
Authoring application: mPDF 5.7
MD5: dd2ab535b682a604c53bdffc919cbe6a
SHA-1: c3657ab26ed200bab5493f2e32ebbc062c2e8972
SHA-256: 5f159350e9dcf876aab1730c065963d290f24319e4027ec1ef3e1cc879755a6a
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier and ClamAV also flagged this file as malicious, with ClamAV identifying it as a Pdf.Dropper.Agent. The embedded URLs likely serve as a link farm, potentially for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9670

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7687552-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7687552-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.