Malicious PDF — malware analysis report

Static analysis result for SHA-256 e25972866b99fbe6…

MALICIOUS

PDF

Size: 13.6 KB
Created: 2019-04-30 04:53:49 +01:00
Authoring application: mPDF 5.7
MD5: 0313ee778b0c9df219068ba74928eff8
SHA-1: 62837ec854bac0aca2b94cff979e17efc93a4abe
SHA-256: e25972866b99fbe6e953073bb85750a2a831a94480aecac371965c6ca7705978
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded links pointing to external PDF files, hosted on the dynamic DNS domain xiixmcuin.linkpc.net. This behavior is indicative of a link farm or a redirection scheme designed to lead users to potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.