Malicious PDF — malware analysis report

Static analysis result for SHA-256 961d709ac1cb1623…

MALICIOUS

PDF

16.4 KB
Created: 2020-03-20 11:27:23 +00:00
Authoring application: mPDF 5.7
MD5: 9a9756492b86d685ee321331d42384a5
SHA-1: c4d5b32090d6d141de21f51bc3f17087bad503f0
SHA-256: 961d709ac1cb1623c737bbb6a3afa23d7af59c81a3767c177734cc012dec0c89
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to external PDFs hosted on the domain 'ieuicufioao.myhome.cx'. The ML_NYX_PDF_MALICIOUS classifier also flagged this file with high confidence. The embedded links likely serve as a lure to download further malicious content or redirect users to phishing sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.