Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e869a3e67438d68…

MALICIOUS

PDF

Size: 17.6 KB
Created: 2019-04-30 04:48:31 +01:00
Authoring application: mPDF 5.7
MD5: 22c8ff2b0c8aa31f461dd7a74263a5ea
SHA-1: 93d91b0094b1c610f6f2d16dcdc37e80653b2a52
SHA-256: 8e869a3e67438d68ca52b6b745bed2b66547f0a87206add388ce2918037c5d75
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or SEO poisoning attack. While the ML classifier strongly indicates maliciousness, the specific intent beyond link manipulation is unclear as no scripts were extracted and the document body is unreadable. The URLs themselves are currently classified as benign, but the sheer volume and the heuristic firing warrant suspicion.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.