Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0feaa52246f4414…

MALICIOUS

PDF

Size: 16.6 KB
Created: 2019-05-02 01:29:44 +01:00
Authoring application: mPDF 5.7
MD5: a688623ea015db9abe2f38b63fcfa6b1
SHA-1: c952df3aa98cfa24ef9cf47117aa3729b16e667e
SHA-256: d0feaa52246f4414408525138c01bdfc3f8a5ebe4664f79ea7dc04474b9546bf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links to external PDF documents hosted on the domain 'muicuiu.dumb1.com'. This behavior is indicative of a link farm or a redirection scheme designed to lead users to potentially malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9810

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1