Malicious PDF — malware analysis report

Static analysis result for SHA-256 7eec7094ae1caa37…

MALICIOUS

PDF

Size: 17.1 KB
Created: 2020-03-15 10:30:55 +00:00
Authoring application: mPDF 5.7
MD5: 7a7e2f57f56e15aaffc023110e967800
SHA-1: 74a36926b0b75c482935f2877da613ca498443e3
SHA-256: 7eec7094ae1caa37e5bd8b5c340587f63fb8c5ac0dc53cc2b62fbaaa6aa58c6a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to a single suspicious domain, indicating a link farm. This is likely intended to redirect users to malicious content or phishing pages. The heuristic 'PDF_SEO_LINK_FARM' strongly suggests this malicious intent. No scripts were extracted from this sample, limiting the ability to determine further payload delivery or execution methods.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.