Malicious PDF — malware analysis report

Static analysis result for SHA-256 6118e0b1a9f1a52c…

MALICIOUS

PDF

Size: 15.7 KB
Created: 2020-03-18 22:28:06 +00:00
Authoring application: mPDF 5.7
MD5: f7eaea5bab57624f5d871d69fe4c1f5d
SHA-1: ed8d8b5ee066df5ac9d3a113645434b65ecfd4df
SHA-256: 6118e0b1a9f1a52c6a40c71f8c70f4e15f759a114923d24d80e93ee96563cfbe
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, many of which have numeric slugs in their URLs. This pattern is indicative of a link farm or SEO spam technique, likely intended to drive traffic or potentially host malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.