Malicious PDF — malware analysis report

Static analysis result for SHA-256 bf1b940ebff54f90…

MALICIOUS

PDF

Size: 18.0 KB
Created: 2019-05-02 01:31:23 +01:00
Authoring application: mPDF 5.7
MD5: 960c9cb24fa2d63ee242b10d430f4323
SHA-1: 9d67e72f30cdc02e68b86e00831052fd15aa7249
SHA-256: bf1b940ebff54f908c1fc0ede8092bfcfc86d1e6507c162efd559df6f89152af
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, characteristic of SEO spam or a link farm. While the URLs themselves are currently marked as benign, the sheer volume and the heuristic firing suggest a malicious intent, possibly to redirect users to harmful content or to manipulate search engine rankings. No scripts were extracted, limiting further analysis of the execution chain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.