Malicious PDF — malware analysis report

Static analysis result for SHA-256 817fc797b32e84d4…

MALICIOUS

PDF

Size: 13.6 KB
Created: 2020-03-13 20:19:54 +00:00
Authoring application: mPDF 5.7
MD5: 29141e0d054f0e2e03d010cdc5c360eb
SHA-1: c45cd1df5019dc7a3f6e19b0d547d57e2c3d34f9
SHA-256: 817fc797b32e84d4ef1da49c738577b9c3e8a31b9ade7dbb841e5afc5968a1c4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The embedded URLs likely serve as a lure to redirect users to malicious websites or download further payloads. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.