Malicious PDF — malware analysis report

Static analysis result for SHA-256 90bf7543e0d0cdfd…

MALICIOUS

PDF

15.6 KB
Created: 2019-04-29 23:16:14 +01:00
Authoring application: mPDF 5.7
MD5: d0bd1fa1bdcf67fd4e88933920e330f9
SHA-1: ff2f1fcc5cfdd125f52c2107c8b1061b11c7d8ef
SHA-256: 90bf7543e0d0cdfdacff9847818f7a6ec178c2c2ec6592409fd33717a1434f1f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified as a link farm. While many of these URLs point to benign content, the sheer volume and the heuristic firing of 'PDF_SEO_LINK_FARM' suggest a malicious intent to manipulate search engine results or to distribute further malicious content. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.