Malicious PDF — malware analysis report

Static analysis result for SHA-256 a342397d2fa52a57…

MALICIOUS

PDF

Size: 16.5 KB
Created: 2020-03-14 01:57:03 +00:00
Authoring application: mPDF 5.7
MD5: 736f59caddbfbce92a3f946df6ce1c47
SHA-1: d5ad78a05d0bb02e8d7102b041c9385e76c14930
SHA-256: a342397d2fa52a5725899071e6b174d7025d7357bc383aed32e2871720615215
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of external links, identified as a link farm, which are disguised as book titles to encourage user clicks. The primary heuristic indicates a critical finding related to this link farm. No scripts were extracted from this sample. The embedded URLs are the main indicators of malicious activity, likely leading to further compromise.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.