Malicious PDF — malware analysis report

Static analysis result for SHA-256 b2bd5c68ddfb07da…

MALICIOUS

PDF

12.7 KB
Created: 2019-05-01 05:59:36 +01:00
Authoring application: mPDF 5.7
MD5: 0ed15bda6cfd338d6cf65934dc4d7101
SHA-1: e31200a75ca6f62098bb1e94da2dd8981a22f300
SHA-256: b2bd5c68ddfb07da719dbc39214eed532364c6493e3981e48a103e48b9d484bf
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or spamming operation. While the URLs themselves are currently classified as benign, the sheer volume and the ML classifier's high confidence in maliciousness indicate a deceptive intent. The document body is heavily obfuscated, preventing a clear understanding of its direct purpose beyond hosting these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://xiixmcuin.link