Malicious PDF — malware analysis report

Static analysis result for SHA-256 c992e501a2707009…

MALICIOUS

PDF

Size: 14.6 KB
Created: 2019-04-30 02:16:39 +01:00
Authoring application: mPDF 5.7
MD5: 14c29f75b9c49430bf1d431f1c60a084
SHA-1: 64e44a607cb2bdc606184ad06cdfbe9b49c6b7fe
SHA-256: c992e501a2707009755be82ed03bc4a532c1caad056090ea9a5d7f2564b6b63f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a link farm. While the document body is heavily corrupted, the presence of numerous external links suggests a redirection or SEO abuse tactic. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.