Malicious PDF — malware analysis report

Static analysis result for SHA-256 c40529287aad76fc…

MALICIOUS

PDF

20.3 KB
Created: 2019-04-29 23:14:59 +01:00
Authoring application: mPDF 5.7
MD5: 1122a71e5e356e96d7832b312e1a4760
SHA-1: d970c736919dca4240f94613008e2a673fb2d859
SHA-256: c40529287aad76fc8bb0a2cdf4f66d78982defa43b1a94a07651dc2c9b4fb637
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, directing users to external websites. While the specific content of these linked PDFs is benign, the sheer volume and structure suggest a link farm designed to manipulate search engine rankings or distribute traffic. No scripts were extracted from this sample. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9805

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.