Malicious PDF — malware analysis report

Static analysis result for SHA-256 d9ab63d7070f167f…

Verdict: MALICIOUS
File type: PDF
Size: 12.8 KB
Created: 2019-04-30 04:53:30 +01:00
Authoring application: mPDF 5.7
MD5: da3752bf52085c2bafbe91ce2d30f194
SHA-1: e790e3156ff1da679738ffea49d50740b5d558f5
SHA-256: d9ab63d7070f167fb0feb7349d8d97f030aec168d0f039ae64b0177203e7fd4f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded external links. These links, such as http://muicuiu.dumb1.com/1a03a08a07a03a08/Preacher-Volume-7-Salvation-by-Garth-Ennis.pdf, likely serve as a link farm to distribute further malicious content or lead users to phishing pages. The PDF structure itself is indicative of a malicious distribution method.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8905

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.