Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5ab6f589344d92c…

MALICIOUS

PDF

14.9 KB
Created: 2020-03-15 01:05:25 +00:00
Authoring application: mPDF 5.7
MD5: 2fcad0b9d00597c9da0c619112f7e5b5
SHA-1: 780ab9e73ed8dcecb44534e2ad08a1514680ab3a
SHA-256: c5ab6f589344d92c73af9b10366f1b1120774478acea6a1b4ad77b877487f195
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified as a link farm. The primary heuristic indicates a mass of external PDF links, with a dominant host of owlaokopdf.myhome.cx. This suggests the PDF's purpose is to redirect users to a large collection of other documents, likely for SEO manipulation or to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.