Malicious PDF — malware analysis report

Static analysis result for SHA-256 6ec653f98930a576…

MALICIOUS

PDF

Size: 15.5 KB
Created: 2019-05-05 16:26:21 +01:00
Authoring application: mPDF 5.7
First seen: 2021-10-16
MD5: 6c9a510f045c5e91b1f69a849c782ab2
SHA-1: e5243ddedf872f723c56eb00497f49d0d9fb2002
SHA-256: 6ec653f98930a576c905913da8fcf2ccd3fb153bae1fe53ea980172faf42a918
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated, the presence of numerous links suggests an attempt to direct users to external content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.