Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f38376c61cb8317…

MALICIOUS

PDF

15.4 KB
Created: 2019-05-02 05:06:34 +01:00
Authoring application: mPDF 5.7
MD5: b9c9f6cbbe0d08e1cc5a1dca1205047d
SHA-1: 0c249e564436927333a44f1c76be9a588498f71d
SHA-256: 9f38376c61cb83178d2b1144af3415a8f78773446711196df1d52d5936bfaaa2
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, all hosted on the same domain. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.