Malicious PDF — malware analysis report

Static analysis result for SHA-256 e1a08eec6ccc6335…

MALICIOUS

PDF

14.3 KB Created: 2019-04-30 02:11:14 +01:00 Authoring application: mPDF 5.7
MD5: faccc61eaa3793cd64837e3cd2b647d5 SHA-1: 81133c1b4be0d31bab2d8eb5ecc580c1a5613627 SHA-256: e1a08eec6ccc6335b19d6772c8ab8cd3405117c673be6b6123e2009d42855def
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on xiixmcuin.linkpc.net.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://xiixmcuin.linkpc.net/5200201200206203/James-Dickey-The-Selected-Poems-by-James-Dickey.pdf
    • http://xiixmcuin.linkpc.net/1205208203206/Deliverance-by-James-Dickey.pdf
    • http://xiixmcuin.linkpc.net/3201200202205/Buckdancer-s-Choice-by-James-Dickey.pdf
    • http://xiixmcuin.linkpc.net/2200204203201207/God-s-Images-The-Bible-a-New-Vision-by-James-Dickey.pdf
    • http://xiixmcuin.linkpc.net/8207208206206202/The-Central-Motion-Poems-1968-1979-by-James-Dickey.pdf
    • http://xiixmcuin.linkpc.net/1200202201205208/The-King-James-Only-Controversy-Can-You-Trust-the-Modern-Translations-by-James-R-White.pdf
    • http://xiixmcuin.linkpc.net/7205205202207204/James-Lee-Burke-A-Dave-Robicheaux-Audio-Collection-A-Stained-White-Radiance-In-The-Electric-Mist-With-Confederate-Dead-Dixie-City-Jam-Burning-Angel-and-Cadillac-Jukebox-by-James-Lee-Burke.pdf
    • http://xiixmcuin.linkpc.net/5206209200203203/The-Blackbirds-by-Eric-Jerome-Dickey.pdf
    • http://xiixmcuin.linkpc.net/1209205204207/The-Salt-Ecstasies-by-James-L-White.pdf
    • http://xiixmcuin.linkpc.net/4206209203202200/Son-of-a-Bitch-by-Wrath-James-White.pdf
    • http://xiixmcuin.linkpc.net/3208207204203208/The-Silent-Stars-Go-By-by-James-White.pdf
    • http://xiixmcuin.linkpc.net/4206209207207205/A-White-Hot-Christmas-by-Adrianne-James.pdf
    • http://xiixmcuin.linkpc.net/3203203207207206/The-White-Deer-by-James-Thurber.pdf
    • http://xiixmcuin.linkpc.net/1208205202209/Black-and-White-Men-by-James-Spada.pdf
    • http://xiixmcuin.linkpc.net/9203208205200/Thieves-Paradise-by-Eric-Jerome-Dickey.pdf
    • http://xiixmcuin.linkpc.net/1200200204203204/Chasing-Destiny-by-Eric-Jerome-Dickey.pdf
    • http://xiixmcuin.linkpc.net/1200201208208205/Naughty-or-Nice-by-Eric-Jerome-Dickey.pdf
    • http://xiixmcuin.linkpc.net/9208209206203/Friends-and-Lovers-by-Eric-Jerome-Dickey.pdf
    • http://xiixmcuin.linkpc.net/2201205205205207/Poisoning-Eros-by-Wrath-James-White.pdf
    • http://xiixmcuin.linkpc.net/1200205200205205209/Der-D-mon-in-ihm-Die-Pathologie-des-Unbewussten-by-James-White.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.