Malicious PDF — malware analysis report

Static analysis result for SHA-256 889aed067153e485…

MALICIOUS

PDF

Size: 17.3 KB
Created: 2019-05-02 05:04:12 +01:00
Authoring application: mPDF 5.7
MD5: fa1a8900599c52a38843b52be6af8e93
SHA-1: d9919777ea2ef6c5b3d8d9f226837d100608cbb2
SHA-256: 889aed067153e48556aaadf7fccfb7f2ef0282fb3feda66af9ea70ec59336ef9
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of external links, forming a link farm, with the primary URL being http://xiixmcuin.linkpc.net/1200206207205206205/Lawrence-Welk-s-Bunny-Rabbit-Concert-by-Lawrence-Welk.pdf. This suggests a social engineering or SEO poisoning attack designed to drive traffic to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://xiixmcuin.linkpc.net/1200206207205206205/Lawrence-Welk-s-Bunny-Rabbit-Concert-by-Lawrence-Welk.pdf