Malicious PDF — malware analysis report

Static analysis result for SHA-256 676afc00b64fd99b…

MALICIOUS

PDF

Size: 15.4 KB
Created: 2019-04-30 05:22:54 +01:00
Authoring application: mPDF 5.7
MD5: c3efbbd99a1e9b76c2a7bd382ac71e64
SHA-1: 2005882fa5324f36f573c7578d79b18457593a5e
SHA-256: 676afc00b64fd99bf790220ad6419a573949f5bcd279a34eee8b203094699c4e
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs that form a link farm, likely intended to manipulate search engine results or redirect users to malicious content. While the document body is heavily obfuscated, the presence of numerous external links and a critical heuristic firing for a PDF link farm strongly suggest malicious intent. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics (3)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure | low | SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.