Malicious PDF — malware analysis report

Static analysis result for SHA-256 9615ad81c8de25b0…

MALICIOUS

PDF

Size: 19.5 KB
Created: 2020-03-15 21:22:25 +00:00
Authoring application: mPDF 5.7
MD5: ddb04ed3b4ffcfded6afbe62f3c86e6b
SHA-1: 9c357ac52f723f83daabd0bd7c48285f018f10aa
SHA-256: 9615ad81c8de25b056e7e4fa350f1b0d553f84684293163df76a3040643c179b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files. This technique, known as a link farm, is often used to distribute malware or redirect users to phishing websites. The embedded URLs are the primary indicators of malicious activity in this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9920

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.