Malicious PDF — malware analysis report

Static analysis result for SHA-256 93178862af6feede…

Verdict: MALICIOUS
File type: PDF
Size: 15.3 KB
Created: 2019-04-30 17:54:18 +01:00
Authoring application: mPDF 5.7
MD5: d0a82c2eab3f70ad32fb1e61ff59830e
SHA-1: 2aca11355cd634e3336463d6def14a94da609250
SHA-256: 93178862af6feedea0d62a76d014690eefbba44d6b86caea49e49b9c1cd679ff
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, identified as a link farm, which is a common technique for SEO poisoning or distributing malicious content. While the URLs themselves are currently flagged as benign, the sheer volume and structure suggest a malicious intent to redirect users to potentially harmful sites. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.