Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba2ab18eca221f01…

Verdict: MALICIOUS
File type: PDF
Size: 18.7 KB
Created: 2019-04-30 05:26:24 +01:00
Authoring application: mPDF 5.7
MD5: 357f94b304a38b22df815b6e194a011c
SHA-1: a8f3a3d0a73996bf77723151967fb04c755520bf
SHA-256: ba2ab18eca221f01176cf4ede60bc83049aaf539138c59fc3013434142247e3c
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'muicuiu.dumb1.com'. This heuristic firing, combined with the ML classifier's high confidence, suggests a link-farming or redirection tactic. The document body is heavily obfuscated but contains the same URLs, reinforcing the attack pattern. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9920

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.