Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5b6062b0c8e1023…

MALICIOUS

PDF

20.0 KB
Created: 2019-05-02 01:13:36 +01:00
Authoring application: mPDF 5.7
MD5: 39f3b5af29267971fe59383c19292cab
SHA-1: 8f57acb84b801e964cd82e980f1a8ea5925fb2c2
SHA-256: a5b6062b0c8e1023fdbe19b66608f7bb912bb2fdc830ac258ae2310ef737ed51
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a link farm with 26 external links, as detected by the PDF_SEO_LINK_FARM heuristic. The ML classifier also strongly indicated maliciousness. The embedded URLs, while individually classified as benign, collectively form a lure to a large number of external PDF documents, suggesting a potential SEO poisoning or traffic-driving scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9942

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.