Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8f93642bf63e91f…

Verdict: MALICIOUS
File type: PDF
Size: 17.2 KB
Created: 2019-04-30 02:31:35 +01:00
Authoring application: mPDF 5.7
MD5: bed2ed0c710c34de975f3576902dd821
SHA-1: f99d31130e256b159d2f5bbcb0531b2062c0f0d1
SHA-256: a8f93642bf63e91f86085b921437ba5130d9cf43a969cc62bd307134045cd19e
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated, the presence of numerous links suggests an attempt to manipulate search engine results or redirect users to malicious sites. The ML_NYX_PDF_MALICIOUS classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9925

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.