Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6e312c6ed9e9819…

MALICIOUS

PDF

Size: 13.1 KB
Created: 2019-05-01 05:14:17 +01:00
Authoring application: mPDF 5.7
First seen: 2021-08-20
MD5: 139afda6130d65bffbc3a95726bc12a2
SHA-1: 3db45a4f26b2b8b3a21de81b26f9a911f4460ac6
SHA-256: b6e312c6ed9e98196598ff21f53c7a301a7ea6b471fdb888ce3fcbc81a5fc2aa
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The document body is heavily corrupted, but the presence of these links together with the ML_NYX_PDF_MALICIOUS detection suggests malicious intent, likely to direct users to malicious content or phishing sites. The SE_DOWNLOAD_BUTTON heuristic further supports a lure-based attack pattern. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8891

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low; heuristic: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • Embedded URL info (heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.