Malicious PDF — malware analysis report

Static analysis result for SHA-256 e0b216a37ac035fc…

MALICIOUS

PDF

14.8 KB Created: 2019-04-28 09:12:16 +01:00 Authoring application: mPDF 5.7
MD5: c41d851df6435fec0512c08bca8fe005 SHA-1: ba191340e32a8088a2f457b62e5f389f388fccf1 SHA-256: e0b216a37ac035fcec73d99074b68e834420baab0503c3ec792af9c0605f35ef
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious File

The PDF contains a large number of embedded URLs, forming a link farm. This is indicative of SEO poisoning or a distribution point for further malicious content. The ML classifier strongly supports the malicious verdict. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1.com/1a06a05a08a03a07/Hundred-Dollar-Baby-Spenser-34-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/1a00a03a09a02a03a01/Hundert-Dollar-Baby-Ein-Auftrag-f-r-Spenser-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/9a03a01a00a07a02/Spenser-und-das-gestohlene-Manuskript-Ein-Auftrag-f-r-Spenser-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/1a02a04a07a03a07/Valediction-Spenser-11-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/4a00a08a03a05a03/Stardust-Spenser-17-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/4a03a06a03a05/Ceremony-Spenser-9-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/4a03a06a04a01/Early-Autumn-Spenser-7-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/2a03a00a07a05a05/Double-Deuce-Spenser-19-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/3a04a08a07a07a09/Robert-B-Parker-s-Kickback-Spenser-43-by-Ace-Atkins.pdf
    • http://muicuiu.dumb1.com/4a03a00a04a09a03/Hush-Money-Spenser-26-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/3a06a02a03a00a09/Double-Deuce-Spenser-19-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/3a09a00a06a08a07/Robert-B-Parker-s-Wonderland-Spenser-41-by-Ace-Atkins.pdf
    • http://muicuiu.dumb1.com/3a00a03a07a07a09/School-Days-Spenser-33-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/2a08a08a00a08a09/Pale-Kings-And-Princes-Spenser-14-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/9a04a07a01a00a06/Der-gute-Terrorist-Ein-Auftrag-f-r-Spenser-by-Robert-B-Parker.pdf
    • http://muicuiu.dumb1.com/3a03a07a01a05a09/Robert-B-Parker-s-Little-White-Lies-Spenser-45-by-Ace-Atkins.pdf
    • http://muicuiu.dumb1.com/1a07a04a05a06a00/His-Billion-Dollar-Baby-by-Lea-Nolan.pdf
    • http://muicuiu.dumb1.com/4a09a08a09a05a05/Billion-Dollar-Baby-1-by-Simone-Holloway.pdf
    • http://muicuiu.dumb1.com/5a06a00a01a01a02/Billion-Dollar-Baby-Bargain-by-Tessa-Radley.pdf
    • http://muicuiu.dumb1.com/3a07a06a04a00a09/Million-Dollar-Baby-A-Marjorie-McClelland-Mystery-1-by-Amy-Patricia-Meade.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.