Malicious PDF — malware analysis report

Static analysis result for SHA-256 663f74c6d2edf1e6…

MALICIOUS

PDF

Size: 15.5 KB
Created: 2020-03-15 00:54:46 +00:00
Authoring application: mPDF 5.7
MD5: d69f102941bb5985373e344ac1fa3449
SHA-1: 509389dbd1a60032c7fb11b6d75a327d7dc9187c
SHA-256: 663f74c6d2edf1e60dd275fa831970cab16a7fdd65a8f8244e89cacc71e89cbb
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, forming a link farm. This is indicative of a malicious document, likely intended for SEO manipulation or to redirect users to potentially harmful content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.