Malicious PDF — malware analysis report

Static analysis result for SHA-256 b4fdd983366ccbb7…

Verdict: MALICIOUS
File type: PDF
Size: 16.4 KB    Created: 2019-04-29 22:48:27 +01:00    Authoring application: mPDF 5.7
MD5: 89fdfd1a75fb9fa5d0bd5737a819220b
SHA-1: d5cd39d680ab395519ed853ae581b98ff7dd6f47
SHA-256: b4fdd983366ccbb73fe2d4ff3e932fef14d617f5a8f330441a18778ee1537bcc
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Link    T1059.001 PowerShell (not evidenced here: no scripts were extracted from this sample)

The PDF carries a large number of embedded link annotations, almost all pointing at one external host, which the heuristics identify as a link farm. The document body itself is heavily corrupted, but the sheer volume of external links indicates malicious intent: SEO manipulation, or routing readers into sites that deliver malicious or unwanted software. The ML classifier strongly supports the malicious verdict. No scripts (JavaScript or otherwise) were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9898

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://muicuiu.dumb1.com/2a03a09a00a03a00/A-History-of-Bombing-by-Sven-Lindqvist.pdf
    • http://muicuiu.dumb1.com/3a05a00a03a02a05/A-History-of-Bombing-by-Sven-Lindqvist.pdf
    • http://muicuiu.dumb1.com/7a09a06a06a09a09/Bench-Press-by-Sven-Lindqvist.pdf
    • http://muicuiu.dumb1.com/3a00a03a08a07a03/Wyt-pi-ca-e-to-byd-o-by-Sven-Lindqvist.pdf
    • http://muicuiu.dumb1.com/7a09a06a06a09a03/Exterminate-All-the-Brutes-amp-Desert-Divers-by-Sven-Lindqvist.pdf
    • http://muicuiu.dumb1.com/7a09a06a08a06a05/The-Shadow-Latin-America-Faces-the-Seventies-by-Sven-Lindqvist.pdf
    • http://muicuiu.dumb1.com/7a09a06a06a09a05/The-Skull-Measurer-s-Mistake-And-Other-Portraits-of-Men-and-Women-Who-Spoke-Out-Against-Racism-by-Sven-Lindqvist.pdf
    • http://muicuiu.dumb1.com/7a03a00a00a01/-quot-Exterminate-All-the-Brutes-quot-One-Man-s-Odyssey-into-the-Heart-of-Darkness-and-the-Origins-of-European-Genocide-by-Sven-Lindqvist.pdf
    • http://muicuiu.dumb1.com/9a05a09a09a06a02/OCEAN-CRAWLERS-A-30-Postcard-Booklet-by-Sven-Gehrmann-by-Sven-Gehrmann.pdf
    • http://muicuiu.dumb1.com/9a01a03a09a06a09/The-Sven-Hassel-Collection-by-Sven-Hassel.pdf
    • http://muicuiu.dumb1.com/6a07a01a02a03a07/Le-Commissaire-Sven-Hassel-by-Sven-Hassel.pdf
    • http://muicuiu.dumb1.com/2a02a02a04a08a00/Let-the-Right-One-In-by-John-Ajvide-Lindqvist.pdf
    • http://muicuiu.dumb1.com/1a04a01a09a04a04/Let-the-Right-One-In-by-John-Ajvide-Lindqvist.pdf
    • http://muicuiu.dumb1.com/3a07a06a01a09a09/Let-The-Right-One-In-by-John-Ajvide-Lindqvist.pdf
    • http://muicuiu.dumb1.com/2a00a00a02a09a07/Let-the-Right-One-In-by-John-Ajvide-Lindqvist.pdf
    • http://muicuiu.dumb1.com/5a04a08a09a05/Harbour-by-John-Ajvide-Lindqvist.pdf
    • http://muicuiu.dumb1.com/1a04a03a07a04a07/Harbour-by-John-Ajvide-Lindqvist.pdf
    • http://muicuiu.dumb1.com/1a01a08a09a04a01a01/So-Ruhet-In-Frieden-by-John-Ajvide-Lindqvist.pdf
    • http://muicuiu.dumb1.com/7a09a06a07a05a04/Tacka-katten-f-r-det-K-serier-by-Herman-Lindqvist.pdf
    • http://muicuiu.dumb1.com/3a07a07a01a04a09/Findus-and-the-Fox-by-Sven-Nordqvist.pdf
    • http://muicuiu.dumb1.com/7a03a00a00a01/-quot-Exterminate-All-the-Brutes-quot-One-Man-s-Odyssey-into-th
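As an added worked example (not the analyser's own code), the Python below reproduces the gist of the PDF_SEO_LINK_FARM heuristic listed above: it pulls /URI link targets out of the raw file, counts the clickable external links, measures how strongly they cluster on one host, and applies size and count cut-offs. The thresholds, the regex-based extraction (which only sees uncompressed object dictionaries) and the constructed sample PDF (which reuses the report's host but not its real paths) are all assumptions.

```python
"""Flag 'SEO link-farm' PDFs: small files whose /Link annotations point
mostly at external .pdf paths on a single host.

Added example for this report, not the analyser's own code.  The
thresholds below are assumptions; the report does not publish its cut-offs.
"""
import re
from collections import Counter
from urllib.parse import urlparse

MAX_SIZE_BYTES = 64 * 1024      # "small PDF" (assumed)
MIN_LINKS = 10                  # "many clickable links" (assumed)
MIN_TOP_HOST_SHARE = 0.8        # "mostly clustered on one host" (assumed)

# /URI (literal string) and /URI <hex string> inside link actions.
_URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
_URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")
_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}


def _unescape(s: bytes) -> bytes:
    # Resolve the common backslash escapes in a PDF literal string
    # (\( \) \\ \n ...); octal escapes are left as-is for brevity.
    return re.sub(rb"\\(.)", lambda m: _ESC.get(m.group(1), m.group(1)), s, flags=re.S)


def extract_uris(pdf_bytes: bytes) -> list[str]:
    """Return every /URI target found in uncompressed object dictionaries.
    Links hidden inside compressed object streams need a real PDF parser
    (e.g. pypdf) and are intentionally out of scope here."""
    uris = [_unescape(m.group(1)).decode("latin-1") for m in _URI_LITERAL.finditer(pdf_bytes)]
    for m in _URI_HEX.finditer(pdf_bytes):
        h = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
        uris.append(bytes.fromhex(h + "0" * (len(h) % 2)).decode("latin-1"))
    return uris


def link_farm_verdict(pdf_bytes: bytes) -> dict:
    """Apply the size / link-count / host-clustering test and return the evidence."""
    parsed = [urlparse(u) for u in extract_uris(pdf_bytes)]
    external = [p for p in parsed if p.scheme in ("http", "https") and p.hostname]
    hosts = Counter(p.hostname for p in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(external) if external else 0.0
    return {
        "size": len(pdf_bytes),
        "links": len(external),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "pdf_targets": sum(p.path.lower().endswith(".pdf") for p in external),
        "PDF_SEO_LINK_FARM": (len(pdf_bytes) <= MAX_SIZE_BYTES
                              and len(external) >= MIN_LINKS
                              and share >= MIN_TOP_HOST_SHARE),
    }


def build_sample_pdf(targets: list[str]) -> bytes:
    """Constructed test input: a skeleton one-page PDF (no xref table, so not
    viewer-ready) with one uncompressed /Link annotation per target."""
    annots, objs = [], []
    for i, t in enumerate(targets, start=4):
        annots.append(f"{i} 0 R")
        objs.append(f"{i} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
                    f"/A << /S /URI /URI ({t}) >> >>\nendobj\n")
    doc = ("%PDF-1.4\n"
           "1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
           "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
           "3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
           f"/Annots [{' '.join(annots)}] >>\nendobj\n"
           + "".join(objs) + "trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    return doc.encode("latin-1")


FARM_HOST = "muicuiu.dumb1.com"   # the host seen in the report above
# Constructed paths in the same shape as the report's (not its real URLs),
# plus one unrelated link so the host-share figure is not trivially 1.0.
FARM_TARGETS = [f"http://{FARM_HOST}/{i:02d}/Constructed-Title-{i}.pdf" for i in range(11)]
FARM_TARGETS.append("https://example.com/about.html")
BENIGN_TARGETS = ["https://a.example/x", "https://b.example/y", "https://c.example/z.pdf"]

if __name__ == "__main__":
    print(link_farm_verdict(build_sample_pdf(FARM_TARGETS)))
    print(link_farm_verdict(build_sample_pdf(BENIGN_TARGETS)))
```

On the constructed farm sample this reports 12 external links with a top-host share of about 0.92 and fires the heuristic; the three-link benign document does not. Because the extractor is byte-level, a real triage pipeline should first inflate object streams (or use a proper parser), otherwise a link farm hidden in a compressed /ObjStm would be missed.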