Malicious PDF — malware analysis report

Static analysis result for SHA-256 824ed9bc7f5a466e…

MALICIOUS

PDF

Size: 17.0 KB
Created: 2019-05-02 00:48:33 +01:00
Authoring application: mPDF 5.7
MD5: 3c0d01dd3846ad4ef901368a86fcccc0
SHA-1: 3974013d57e247ede82b864b126be88591517659
SHA-256: 824ed9bc7f5a466e704f9343e39e4c32518b31f7364f6b46fe17be8ffd5c71ce
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged this document with high confidence. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly to manipulate search engine results or to serve as a distribution point for further malware. The URLs themselves appear to be part of a link farm strategy.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs extracted:
    • http://muicuiu.dumb1.com/8a09a00a05a04/Witch-s-Bell-4-Witch-s-Bell-4-by-Odette-C-Bell.pdf
    • http://muicuiu.dumb1.com/8a08a05a07a01/Witch-s-Bell-1-Witch-s-Bell-1-by-Odette-C-Bell.pdf
    • http://muicuiu.dumb1.com/6a03a00a08a09a08/The-Frozen-Witch-1-by-Odette-C-Bell.pdf
    • http://muicuiu.dumb1.com/9a00a07a09a03a02/The-Bell-Witch-by-Sharon-Sigmond-Shebar.pdf
    • http://muicuiu.dumb1.com/6a03a01a02a00a03/Betrothed-2-by-Odette-C-Bell.pdf
    • http://muicuiu.dumb1.com/6a03a01a01a05a09/Ghost-of-Mind-1-by-Odette-C-Bell.pdf
    • http://muicuiu.dumb1.com/9a06a08a09a00/The-Awkward-Thoughts-of-W-Kamau-Bell-Tales-of-a-6-4-quot-African-American-Heterosexual-Cisgender-Left-Leaning-Asthmatic-Black-and-Proud-Blerd-Mama-s-Boy-Dad-and-Stand-Up-Comedian-by-W-Kamau-Bell.pdf
    • http://muicuiu.dumb1.com/4a07a01a08a05/The-Calling-of-Dan-Matthews-by-Harold-Bell-Wright-Fiction-Classics-Literary-by-Harold-Bell-Wright.pdf
    • http://muicuiu.dumb1.com/2a02a00a05/Ashley-Bell-Ashley-Bell-1-by-Dean-Koontz.pdf
    • http://muicuiu.dumb1.com/4a01a07a05a07a05/Water-Witch-Blood-Witch-Bone-Witch-Witches-of-Etlantium-1-3-by-Thea-Atkinson.pdf
    • http://muicuiu.dumb1.com/6a03a00a09a06a07/A-Plain-Jane-Plain-Jane-1-by-Odette-C-Bell.pdf
    • http://muicuiu.dumb1.com/2a03a04a02a00a08/Something-Like-Thunder-Something-Like-6-by-Jay-Bell.pdf
    • http://muicuiu.dumb1.com/1a02a00a07a03a03/Somebody-I-Used-to-Know-by-David-Bell.pdf
    • http://muicuiu.dumb1.com/8a05a04a07a05a09/Excellence-by-T-H-Bell.pdf
    • http://muicuiu.dumb1.com/1a07a06a06a01a06/Something-Like-Winter-Something-Like-3-by-Jay-Bell.pdf
    • http://muicuiu.dumb1.com/3a04a08a04/Since-She-Went-Away-by-David-Bell.pdf
    • http://muicuiu.dumb1.com/3a00a01a02a03a07/Like-and-Subscribe-by-Jay-Bell.pdf
    • http://muicuiu.dumb1.com/4a08a05a08a00a07/A-D-999-by-Jadrien-Bell.pdf
    • http://muicuiu.dumb1.com/2a02a03a04a08a09/Something-Like-Autumn-Something-Like-2-by-Jay-Bell.pdf
    • http://muicuiu.dumb1.com/5a07a03a08a01/Something-Like-Spring-Something-Like-4-by-Jay-Bell.pdf