Malicious PDF — malware analysis report

Static analysis result for SHA-256 d7e69e2f9f65774e…

MALICIOUS

PDF

Size: 14.1 KB
Created: 2019-04-30 03:30:09 +01:00
Authoring application: mPDF 5.7
MD5: 037adec1bcca4dccb664bc99bb3ada23
SHA-1: c18ed929ae909eb809ab42ee8be7e7b329f5f4c8
SHA-256: d7e69e2f9f65774e3833446be8756e4eeb7587d77be3eb76e04756fc704e504f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or distribution mechanism. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample, and the document body was heavily corrupted, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.