Malicious PDF — malware analysis report

Static analysis result for SHA-256 cc8979caeb40a0a0…

Verdict: MALICIOUS
File type: PDF
Size: 16.1 KB
Created: 2020-03-19 03:43:49 +00:00
Authoring application: mPDF 5.7
MD5: 21addac569c1e5f7a2754e57484e61dd
SHA-1: 14a2b7d6f63d26e51bd558f67873b66c8d028054
SHA-256: cc8979caeb40a0a05a1189cc045e4a70e71697772dd72c5154b4dee4d5d54b7f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by an ML classifier as malicious. Static analysis revealed a large number of embedded links, forming a link farm, with the first URL being http://owlaokopdf.myhome.cx/481698167816981698163/Bowie-Album-by-Album-by-Paolo-Hewitt.pdf. This suggests the document's primary purpose is to redirect users to potentially harmful external content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://owlaokopdf.myhome.cx/481698167816981698163/Bowie-Album-by-Album-by-Paolo-Hewitt.pdf