Malicious PDF — malware analysis report

Static analysis result for SHA-256 c064fbe09e725060…

MALICIOUS

PDF

Size: 15.9 KB
Created: 2019-04-30 02:05:37 +01:00
Authoring application: mPDF 5.7
MD5: f110c59990d5eb64b075a3eb60d55938
SHA-1: d2152946d87be102153246525f37c01a070fd5bc
SHA-256: c064fbe09e725060a6f613571790ddb1239e1a3447d6c7c0d633a30bdd6a14cd
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to external PDF documents. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. The embedded URLs are likely part of a link farm designed to direct users to potentially malicious content, although the specific URLs themselves were classified as benign in this analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9892

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.