Malicious PDF — malware analysis report

Static analysis result for SHA-256 7195887d463397dc…

Verdict: MALICIOUS

File type: PDF

Size: 17.6 KB
Created: 2019-05-07 09:28:03 +01:00
Authoring application: mPDF 5.7
MD5: 83abf6e2e6d23e609b654cadd7d7541e
SHA-1: e86a0c1563f921713b5ae534711f9824e52ee04d
SHA-256: 7195887d463397dc952ffb1759fd8bd75e7658a80c83c5ee71e8e39a52aad82e
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries a large number of clickable link annotations pointing at external .pdf files, all on a single host (muicuiu.dumb1.com), with path segments that look machine-generated and file names that imitate e-book downloads. That pattern is characteristic of generated SEO-poisoning carriers used to route users into malicious or unwanted-software delivery chains rather than of a genuine document. The document body could not be rendered as readable text, so the verdict rests on the PDF_SEO_LINK_FARM heuristic, the clustering of the embedded URLs on one host, and the ML classifier's high-confidence score. The URLs should be treated as lures to be fetched only in a sandbox; the report does not establish what they currently serve.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal on its own unless other findings point to a malicious workflow.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://muicuiu.dumb1.com/3a03a05a00a07/Under-the-Volcano-by-Malcolm-Lowry.pdf
    • http://muicuiu.dumb1.com/7a03a06a04a07a04/Ultramarine-by-Malcolm-Lowry.pdf
    • http://muicuiu.dumb1.com/2a01a04a07a09a07/Under-the-Volcano-by-Malcolm-Lowry.pdf
    • http://muicuiu.dumb1.com/4a04a08a04a06a01/Under-the-Volcano-by-Malcolm-Lowry.pdf
    • http://muicuiu.dumb1.com/1a00a06a05a08a05a06/Aphra-Benn-by-George-Woodcock.pdf
    • http://muicuiu.dumb1.com/7a06a08a09a04a07/Gabriel-Dumont-by-George-Woodcock.pdf
    • http://muicuiu.dumb1.com/5a09a01a04a04/October-Ferry-To-Gabriola-by-Malcolm-Lowry.pdf
    • http://muicuiu.dumb1.com/7a04a08a06a01a07/The-1940-UNDER-THE-VOLCANO-A-Critical-Edition-by-Malcolm-Lowry.pdf
    • http://muicuiu.dumb1.com/3a00a01a07a08a03/Dark-As-The-Grave-Wherein-My-Friend-Is-Laid-by-Malcolm-Lowry.pdf
    • http://muicuiu.dumb1.com/4a09a08a00a04a08/The-Voyage-That-Never-Ends-Fictions-Poems-Fragments-Letters-by-Malcolm-Lowry.pdf
    • http://muicuiu.dumb1.com/1a05a09a03a05a09/Fifty-Years-a-Hunter-and-Trapper-Experiences-and-Observations-of-E-N-Woodcock-the-Noted-Hunter-and-Trapper-by-Eldred-Nathaniel-Woodcock.pdf
    • http://muicuiu.dumb1.com/4a08a08a09a03a03/The-Last-Year-of-Malcolm-X-The-Evolution-of-a-Revolutionary-by-George-Breitman.pdf
    • http://muicuiu.dumb1.com/8a04a02a02a03a02/1692-Witch-Hunt-The-Layman-s-Guide-To-The-Salem-Witchcraft-Trials-by-George-Malcolm-Yool.pdf
    • http://muicuiu.dumb1.com/3a02a03a07a08a07/The-Autobiography-of-Malcolm-X-As-Told-to-Alex-Haley-by-Malcolm-X.pdf
    • http://muicuiu.dumb1.com/4a01a03a05a09a04/My-Magnificent-Life-Planner-2016-by-Sharon-Woodcock.pdf
    • http://muicuiu.dumb1.com/4a01a09a07a08a00/The-Autobiography-of-Malcolm-X-by-Malcolm-X.pdf
    • http://muicuiu.dumb1.com/3a03a09a07a00a06/The-Autobiography-of-Malcolm-X-by-Malcolm-X.pdf
    • http://muicuiu.dumb1.com/9a01a09a00a00a03/The-Autobiography-of-Malcolm-X-by-Malcolm-X.pdf
    • http://muicuiu.dumb1.com/2a08a03a06a05a03/The-Autobiography-of-Malcolm-X-by-Malcolm-X.pdf
    • http://muicuiu.dumb1.com/7a00a05a04a01a06/Canadian-Murderers-of-Children-Chris-Benoit-Karla-Homolka-Paul-Bernardo-Clifford-Olson-Peter-Woodcock-Michael-Briere-Kruze-Wellwood-by-Books-LLC.pdf
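The two findings that carry this verdict, the extracted link-annotation URLs and the PDF_SEO_LINK_FARM heuristic, can be reproduced with a few lines of Python. The block below is an added example, not the analyser's code and not taken from the page: it pulls /URI targets out of an uncompressed PDF and then applies a link-farm check (many clickable external links to .pdf paths, most on one host, in a small file). The host farm.example.invalid, the constructed sample PDF, the helper names and the thresholds (10 links, 64 KB, 80% on one host) are all assumptions; the real analyser's thresholds are not published on the page.

```python
"""Pull /URI link targets out of an uncompressed PDF and apply a link-farm check.

Added example; the thresholds in link_farm_verdict are assumptions, not the analyser's.
"""
import re
from collections import Counter
from urllib.parse import urlparse

FARM_HOST = "farm.example.invalid"  # hypothetical host used only by the constructed sample


def build_sample_pdf(n_farm_links: int = 12) -> bytes:
    """Assemble a constructed, uncompressed PDF (no xref table; enough for the
    byte-level extractor below, not for a viewer) with n_farm_links Link
    annotations whose /URI actions point at .pdf paths on FARM_HOST, plus one
    ordinary HTTPS link and one intra-document /GoTo action that must be ignored."""
    annots = [
        b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI ("
        + f"http://{FARM_HOST}/{i}a0{i % 10}a05a00a07/Book-Title-{i}.pdf".encode()
        + b") >> >>"
        for i in range(n_farm_links)
    ]
    # PDF literal strings may escape parentheses; the extractor has to unescape them.
    annots.append(
        b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://www.example.org/help\\(faq\\).html) >> >>"
    )
    annots.append(b"<< /Type /Annot /Subtype /Link /A << /S /GoTo /D [3 0 R /Fit] >> >>")
    first_annot = 4  # objects 1-3 are catalog, pages tree and the single page
    refs = b" ".join(f"{first_annot + i} 0 R".encode() for i in range(len(annots)))
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Annots [" + refs + b"] >>",
        *annots,
    ]
    body = b"".join(f"{n} 0 obj\n".encode() + o + b"\nendobj\n" for n, o in enumerate(objs, start=1))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# /URI followed by a literal string; backslash escapes are kept intact while matching.
_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
_ESC_RE = re.compile(rb"\\([()\\])")  # the escapes that matter inside a URI: \( \) \\


def extract_uris(pdf_bytes: bytes) -> list[str]:
    """Return the distinct /URI targets in document order.

    Works on plain objects only: annotations stored inside FlateDecode object
    streams (PDF 1.5+) must be inflated by a real PDF parser before this sees them."""
    seen, uris = set(), []
    for m in _URI_RE.finditer(pdf_bytes):
        uri = _ESC_RE.sub(rb"\1", m.group(1)).decode("latin-1")
        if uri not in seen:
            seen.add(uri)
            uris.append(uri)
    return uris


def link_farm_verdict(uris, file_size, *, min_pdf_links=10, max_file_size=64 * 1024, min_host_share=0.8):
    """PDF_SEO_LINK_FARM-style check: a small file with many clickable external links
    to .pdf paths, most of them on one host. Thresholds are illustrative assumptions."""
    hosts = []
    for u in uris:
        p = urlparse(u)
        # "external" = http(s) scheme; intra-document /GoTo actions never reach here
        if p.scheme in ("http", "https") and p.hostname and p.path.lower().endswith(".pdf"):
            hosts.append(p.hostname.lower())
    counts = Counter(hosts)
    top_host, top_count = counts.most_common(1)[0] if counts else (None, 0)
    share = top_count / len(hosts) if hosts else 0.0
    return {
        "external_pdf_links": len(hosts),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "fired": len(hosts) >= min_pdf_links and file_size <= max_file_size and share >= min_host_share,
    }


if __name__ == "__main__":
    sample = build_sample_pdf()
    found = extract_uris(sample)
    print(f"{len(found)} distinct URIs in {len(sample)} bytes")
    print(link_farm_verdict(found, len(sample)))
```

On the constructed sample the check fires (12 external .pdf links, 100% on one host, under 64 KB); two citation-style links to different hosts in a 500 KB file do not. Against a real sample, run the extractor on the inflated object set and keep the byte-level regex as a fallback for malformed files that parsers reject, since link-farm generators do not always emit a valid xref.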