Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca2d01cded9896b3…

MALICIOUS

PDF

Size: 18.5 KB
Created: 2019-04-30 04:11:09 +01:00
Authoring application: mPDF 5.7
MD5: b1eba856126d5d1db1beb65a0a7f42d1
SHA-1: feedf90f4f5fa723cf0835a35c5d12c68078463c
SHA-256: ca2d01cded9896b32661c31fec9e08f4ef7a090f0aca7c68ea4d1ec0a4b1ef67
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier strongly indicated maliciousness. While no scripts were extracted, the sheer volume of links suggests a coordinated effort to redirect users, potentially to phishing sites or malware downloaders.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9920

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.