Malicious PDF — malware analysis report

Static analysis result for SHA-256 6dbda6f08bd9ade1…

MALICIOUS

PDF

Size: 13.6 KB
Created: 2020-03-18 21:11:56 +00:00
Authoring application: mPDF 5.7
MD5: 10bb30e339a1ee07b7cdbcd4e085b3c8
SHA-1: 43ae1707cac5f801438cd01e0a04dfb757402d90
SHA-256: 6dbda6f08bd9ade18aacaa2b2f992927b1931f81e4132ba82183d99b99287312
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, all hosted on the same suspicious domain. This behavior is indicative of a link farm or a method to distribute further malicious content. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.