Malicious PDF — malware analysis report

Static analysis result for SHA-256 cd9dfeb67bd4e6b0…

MALICIOUS

PDF

Size: 17.4 KB
Created: 2020-03-15 21:06:09 +00:00
Authoring application: mPDF 5.7
MD5: c2e81b04d4d6aafabd444ed562c63c8b
SHA-1: 3880ccbe34d65772bef656255e5238918f092cd9
SHA-256: cd9dfeb67bd4e6b0319d5f31e2e36031ccab36f847eafecb407229ffad5290db
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links pointing to a single suspicious domain, indicating a link farm designed to distribute further malicious content. The ML classifier strongly supports the malicious verdict. The embedded URLs are reconstructed as IOCs for analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.