Malicious PDF — malware analysis report

Static analysis result for SHA-256 c108a6bf72cff6a2…

MALICIOUS

PDF

12.5 KB
Created: 2019-04-30 04:12:50 +01:00
Authoring application: mPDF 5.7
MD5: e16a4dfd48e21c5c5cd2119ea62e47b0
SHA-1: 64f53ff5f0fc6d91908eb7f0851544be1b4684fc
SHA-256: c108a6bf72cff6a2ca21035c7c1415732e8bf7b3c07b11cf853463843ddc0b28
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume and structure suggest a malicious intent, possibly for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.