Malicious PDF — malware analysis report

Static analysis result for SHA-256 631448651710335a…

MALICIOUS

PDF

Size: 15.2 KB
Created: 2020-03-15 00:55:30 +00:00
Authoring application: mPDF 5.7
MD5: fb7f135302e898b201ef2a49044d665e
SHA-1: 467e3b61f49d96dbfb8971ccc4924eab67a944f0
SHA-256: 631448651710335ae2a399ccf0758adb07cbca51704619de83feafe8e3223a4f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, forming a link farm. The ML classifier also flagged this PDF as malicious. The embedded URLs likely serve as a lure to external content, potentially for SEO spam or to host further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.