Malicious PDF — malware analysis report

Static analysis result for SHA-256 c059de87da652409…

MALICIOUS

PDF

Size: 17.7 KB
Created: 2019-04-29 23:28:46 +01:00
Authoring application: mPDF 5.7
MD5: 8baa7c00bad84db9083dccca3a8bf438
SHA-1: eff7eceee40e190aa9580a62195a3cfe5e2c13ae
SHA-256: c059de87da65240911af8d7dfba3ffe66ad5983297fa5e4007e6565b6f0f06a7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links to external PDF documents hosted on the domain 'muicuiu.dumb1.com'. This behavior is indicative of a link farm or a redirection scheme designed to lead users to potentially malicious content. The ML classifier strongly flagged this PDF as malicious, supporting the assessment of malicious intent. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.