Malicious PDF — malware analysis report

Static analysis result for SHA-256 cdc5110f0bc82066…

MALICIOUS

PDF

Size: 12.8 KB
Created: 2019-04-30 04:05:44 +01:00
Authoring application: mPDF 5.7
MD5: ce15c86724e6059be815115b73504eef
SHA-1: d2084adec1ceed28eac7623463f3f4afcc2cac36
SHA-256: cdc5110f0bc82066079b93d597a69f69f275bf4058ee95761b3c7dda74d45209
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF document contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. While many of these URLs point to benign content, the sheer volume and the ML classifier's high confidence score suggest malicious intent, likely to manipulate search engine results or distribute further malware. No scripts were extracted, and the document body was heavily obfuscated, which limited further analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.