Malicious PDF — malware analysis report

Static analysis result for SHA-256 711811782c11dc51…

MALICIOUS

PDF

File size: 13.3 KB
Created: 2019-05-01 09:25:32 +01:00
Authoring application: mPDF 5.7
First seen: 2021-06-04
MD5: ccc2711e6e51b85a50c4c4fbfb7a59a2
SHA-1: 75fcae8199ad3516441828eca82a7ad176ca5bac
SHA-256: 711811782c11dc5189680ae3b209a3783b70b1cf1984a0a179ffffc1d57faf45
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file contains a large number of embedded URLs, forming a link farm. The ML classifier flagged it as malicious with high confidence. The embedded URLs appear to link to books but are likely part of a lure to download further malicious content, which is consistent with the 'SE_DOWNLOAD_BUTTON' heuristic finding.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.