Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2e7b6ad4efb0263…

MALICIOUS

PDF

Size: 14.9 KB
Created: 2019-05-01 19:49:05 +01:00
Authoring application: mPDF 5.7
MD5: 03729348726f3857befe95368fdbbd0f
SHA-1: 59bcdd22437e789b5c0698a3ce98c31598f8e1a6
SHA-256: c2e7b6ad4efb0263e618fcb5b15a188c5e6df40dcc49e50592832d2c7d57f74e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the specific intent of these links is unclear, the sheer volume suggests a malicious purpose such as SEO manipulation or distributing further malware. The ML classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.