Malicious PDF — malware analysis report

Static analysis result for SHA-256 8896a88a79113e5a…

MALICIOUS

PDF

Size: 18.0 KB
Created: 2019-04-30 02:08:53 +01:00
Authoring application: mPDF 5.7
MD5: 38c61b63dc87ae122806bbf5c69432ef
SHA-1: 1f0d0b9260bc5dbf652bb6876276e0367d488bd5
SHA-256: 8896a88a79113e5a73c2365d630460ecc31e4f09f88c19cb04c5e9dda6ea639c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a link farm with 25 external links, all pointing to PDFs on the domain 'muicuiu.dumb1.com'. This heuristic suggests a tactic to drive traffic to a large number of potentially malicious or misleading documents. The ML classifier also flagged this PDF with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.