Malicious PDF — malware analysis report

Static analysis result for SHA-256 e2721b3e1890fa96…

MALICIOUS

PDF

Size: 12.9 KB
Created: 2019-05-02 01:23:18 +01:00
Authoring application: mPDF 5.7
MD5: c4795cdacad356ca9f89f2cdc41f28c3
SHA-1: 7f47837cbab6317bf970ed58b8ff974f4fed9a25
SHA-256: e2721b3e1890fa9673257cf17b41b4902358dd410248cd30961fd22e13c6ef3a
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files hosted on the domain 'muicuiu.dumb1.com'. This behavior is indicative of a link farm or a redirection scheme designed to lead users to potentially malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.