Malicious PDF — malware analysis report

Static analysis result for SHA-256 94fbc23e659e73e1…

MALICIOUS

PDF

Size: 14.2 KB
Created: 2019-04-30 04:22:57 +01:00
Authoring application: mPDF 5.7
MD5: caa0a79ea2e14684a7c4475a1a2a5594
SHA-1: 621d907ea672ecdbf9518b281f9a6a93272d763a
SHA-256: 94fbc23e659e73e1f0ac642162bb473bc25604bc890915ab474601f61e19e8a6
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF document contains a large number of embedded links to external PDF files hosted on the domain 'muicuiu.dumb1.com'. This behavior is indicative of a link farm or a phishing lure designed to direct users to potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu