Malicious PDF — malware analysis report

Static analysis result for SHA-256 d448d6464e5916c4…

Verdict: MALICIOUS
File type: PDF
Size: 12.9 KB
Created: 2020-03-18 21:12:26 +00:00
Authoring application: mPDF 5.7
MD5: 247676d96b5a767db40a8b3e5e6dbdcb
SHA-1: 8aa08b8ef077b83f5da7af890d764e47ac6f6eb4
SHA-256: d448d6464e5916c4556927d241c63918031897dc7c11739c4bb331569dab6767
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, all pointing to the same dominant host 'kitasdyu.myhome.cx'. This suggests a link farm or a distribution point for malicious content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.