Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb38d6b1c41bc441…

MALICIOUS

PDF

Size: 18.1 KB
Created: 2020-03-15 00:49:34 +00:00
Authoring application: mPDF 5.7
MD5: 25ad7878e82202d468d15de89f31bf9c
SHA-1: a0a454eb2bf24a48eea47c922fbc8aaac8ad38ee
SHA-256: cb38d6b1c41bc441872de5674d6edd989fcf66513440e048f7b5a9aef0defe35
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded links to external PDF files, indicating a potential SEO link farm or a distribution point for further malicious content. The dominant host for these links is lwoscmobook.myhome.cx. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9931

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.