Malicious PDF — malware analysis report

Static analysis result for SHA-256 9dcf834f519de1ef…

MALICIOUS

PDF

29.2 KB
Created: 2019-05-02 17:04:12 +01:00
Authoring application: mPDF 5.7
MD5: cd1c37cefddfb35c0f0c88e235af969e
SHA-1: ab4720482a181941fcb5b2be0842a5bee95844c7
SHA-256: 9dcf834f519de1ef865d4a5335cafb9b93c43cc696487c2dd54825c0cc11a1ce
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file was flagged by an ML classifier as malicious and contains a large number of external links, characteristic of a link farm. The embedded URLs point to various works of Shakespeare, likely as a lure to disguise malicious intent. No scripts were extracted, and the document body was unreadable, but the heuristic firings strongly suggest a phishing or redirection attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9903

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.