Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5ecce80b5da6a70…

MALICIOUS

PDF

15.7 KB
Created: 2019-05-02 00:48:43 +01:00
Authoring application: mPDF 5.7
MD5: 96397398d84fb153e92e6a88ac98f99b
SHA-1: fdf2159328051cc20bdd5f2481d4477a57344ba8
SHA-256: c5ecce80b5da6a70056e2091910c7f171abebafda1aa39f9227eef3bea2e1441
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier strongly indicated maliciousness. While no scripts were extracted, the PDF structure and embedded links suggest a delivery mechanism for potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.