Malicious PDF — malware analysis report

Static analysis result for SHA-256 798819d5b3aae949…

Verdict: MALICIOUS
File type: PDF
Size: 18.3 KB
Created: 2019-04-30 05:30:22 +01:00
Authoring application: mPDF 5.7
MD5: 6fb0b2b70305d9ec91b1000bee10fbfb
SHA-1: b2600f05e85a990235a2b2edd1cbf0c577fd40f4
SHA-256: 798819d5b3aae949e3e79393d3198c7724253747e05a50076534f643f266fa60
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries 20 clickable link annotations, every one pointing at a .pdf path on the single host muicuiu.dumb1.com; this is the pattern the PDF_SEO_LINK_FARM heuristic fires on. The ML classifier also scores the file as malicious (0.9920), but no script or direct malicious payload was found within the document itself: its role is that of an SEO/link-farm carrier that routes a reader into an external download chain, not direct malware delivery. The low-severity SE_DOWNLOAD_BUTTON hit (a 'download' call-to-action phrase) is consistent with that lure. Because this is a static result, the content served at the linked URLs was not assessed; the IOCs are the link-farm URLs and the host they share.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9920

Heuristics 3

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All 20 URLs below were reached through link annotations.
    • http://muicuiu.dumb1.com/5a01a08a03a02/Storm-Siren-Storm-Siren-1-by-Mary-Weber.pdf
    • http://muicuiu.dumb1.com/1a06a03a00a03a04/Birdwoman-Memoirs-of-a-Lovesick-Siren-Diaries-of-a-Siren-Volume1-by-Anne-Carlisle.pdf
    • http://muicuiu.dumb1.com/6a01a09a02a08a06/The-Siren-s-Touch-Siren-1-by-Amber-Belldene.pdf
    • http://muicuiu.dumb1.com/6a01a09a02a06a02/When-the-Siren-Cries-The-Siren-2-by-Tom-Barry.pdf
    • http://muicuiu.dumb1.com/1a03a03a03a02a00/Siren-Siren-1-by-Tricia-Rayburn.pdf
    • http://muicuiu.dumb1.com/6a01a09a02a07a09/Dark-Siren-Dark-Siren-1-by-Eden-Ashley.pdf
    • http://muicuiu.dumb1.com/2a05a04a09a09a07/Storm-Coming-A-Novel-of-the-Civil-War-in-Western-Virginia-Children-of-the-Storm-1-by-Jack-W-Lewis.pdf
    • http://muicuiu.dumb1.com/1a05a00a05a05a05/Storm-Coming-A-Novel-of-the-Civil-War-in-Western-Virginia-Children-of-the-Storm-1-by-Jack-W-Lewis.pdf
    • http://muicuiu.dumb1.com/6a06a02a06/The-Storm-Before-the-Storm-The-Beginning-of-the-End-of-the-Roman-Republic-by-Mike-Duncan.pdf
    • http://muicuiu.dumb1.com/2a08a04a08a03a02/A-Brewing-Storm-Derrick-Storm-1-by-Richard-Castle.pdf
    • http://muicuiu.dumb1.com/6a04a02a05a01a01/Wild-Storm-Derrick-Storm-5-by-Richard-Castle.pdf
    • http://muicuiu.dumb1.com/3a02a07a04a03a03/Three-German-Classics-A-Village-Romeo-amp-Juliet---Gottfried-Keller-Immensee---Theodore-Storm-Lenz---Georg-Buchner-by-Theodor-Storm.pdf
    • http://muicuiu.dumb1.com/2a00a05a04a01a04/Storm-Warnings-by-Marissa-Storm.pdf
    • http://muicuiu.dumb1.com/2a00a08a01a06a08/Jim-Butcher-s-The-Dresden-Files-Storm-Front-Volume-1-The-Gathering-Storm-by-Jim-Butcher.pdf
    • http://muicuiu.dumb1.com/3a09a09a06a03a04/Petals-in-the-Storm-Fallen-Angels-3-Regency-2-by-Mary-Jo-Putney.pdf
    • http://muicuiu.dumb1.com/1a01a06a08a08a01a09/Siren-of-the-Sea-by-Tamora-Rose.pdf
    • http://muicuiu.dumb1.com/7a06a02a00a09/The-Siren-by-Kiera-Cass.pdf
    • http://muicuiu.dumb1.com/1a07a08a02a03a06/Siren-by-John-Everson.pdf
    • http://muicuiu.dumb1.com/6a02a06a04a00/The-Witch-of-Salt-and-Storm-Salt-amp-Storm-1-by-Kendall-Kulper.pdf
    • http://muicuiu.dumb1.com/6a04a08a08a07a06/Siren-s-Reckoning-Operation-El-1-by-J-Johanis.pdf