Malicious PDF — malware analysis report

Static analysis result for SHA-256 745d4f98884f0f49…

MALICIOUS

PDF

Size: 13.9 KB
Created: 2019-05-02 01:06:39 +01:00
Authoring application: mPDF 5.7
MD5: cafc20c6dfcd5bd84f0f21f8b3d593cf
SHA-1: 6ddb59e9d1b6e611b9a45924cc35d353d0872fbd
SHA-256: 745d4f98884f0f49346b3508253a04e75ca3e75df9d6b960836218a89a8f6c16
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are marked as benign, the sheer volume and the firing of the 'PDF_SEO_LINK_FARM' heuristic suggest malicious intent, possibly SEO manipulation or indirect hosting of malicious content. The ML classifier also flagged the PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9102)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.