Malicious PDF — malware analysis report

Static analysis result for SHA-256 b8b5888c7acb0137…

MALICIOUS

PDF

17.6 KB
Created: 2019-04-30 04:11:09 +01:00
Authoring application: mPDF 5.7
MD5: 35ad8704169d3ad7dc16b815b57f438a
SHA-1: 56787452c4098b58663ed14cbadb9399d0d7b363
SHA-256: b8b5888c7acb013764543ba1c85718ec6dffd4b1e6c9d84aed0a5884d2dddd4c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded hyperlinks, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The primary attack pattern involves directing users to a link farm of external websites, likely for SEO poisoning or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.