Malicious PDF — malware analysis report

Static analysis result for SHA-256 9dbd4ab7dc8672c1…

Verdict: MALICIOUS
File type: PDF
Size: 14.5 KB
Created: 2019-04-30 03:56:29 +01:00
Authoring application: mPDF 5.7
MD5: 2863916335acbb993ada00847c333c9f
SHA-1: 6043de109a6658601853cf71c1bb1441ee46d252
SHA-256: 9dbd4ab7dc8672c186231988c4ee2d13487c472466aaa7d018408d3844fc5ac7
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external websites, identified as a link farm. While the URLs themselves are currently classified as benign, the sheer volume and the heuristic firing of 'PDF_SEO_LINK_FARM' suggest a malicious intent to drive traffic or potentially host further malicious content. The ML classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9798

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.