Malicious PDF — malware analysis report

Static analysis result for SHA-256 cfa35c78272b3c18…

MALICIOUS

PDF

Size: 12.4 KB
Created: 2020-03-13 20:19:51 +00:00
Authoring application: mPDF 5.7
MD5: 088f8d2e05510aa3a8a9588a6b7d9240
SHA-1: b04e56b1d51f9003b4dc8732965b6fa7f9a51ff2
SHA-256: cfa35c78272b3c181c1fcd926d7b3e87639b1f332ab1be2626d55212dbbb1f13
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on kitasdyu.myhome.cx, suggesting a link farm or redirection scheme. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The primary attack pattern appears to be a lure to download further malicious content, potentially leading to malware infection.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.