Malicious PDF — malware analysis report

Static analysis result for SHA-256 847e06f93b67d7c6…

MALICIOUS

PDF

41.3 KB
Created: 2019-04-30 05:06:30 +01:00
Authoring application: mPDF 5.7
First seen: 2021-08-20
MD5: c12e3f5ff5f4581ebf1c49c04a574dfc
SHA-1: d027237b0ab3040c207f4cd3859d22e227a81ad8
SHA-256: 847e06f93b67d7c6d07112b658658ce8d904d8604abbf30e8e152111293cea6b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to a domain that appears to be used for hosting numerous documents, suggesting a potential SEO poisoning or content hosting attack. No scripts were extracted from this sample, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9703

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.