Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5e245bf13300565…

MALICIOUS

PDF

17.3 KB
Created: 2019-04-30 05:16:58 +01:00
Authoring application: mPDF 5.7
MD5: 20a23a9d36e2591f13891cf4824798c8
SHA-1: 268fe04b73e3afc6ff0320553f219234ccdb3fdc
SHA-256: c5e245bf13300565ee1425a451aeee66e8a04b6e1d19e97b860f1ea51a548664
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files, characteristic of a link farm designed to drive traffic. The ML classifier strongly indicated maliciousness. Although no scripts were extracted, the sheer volume of links and the heuristic that fired suggest an intent to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.