Malicious PDF — malware analysis report

Static analysis result for SHA-256 e343979aebb42880…

MALICIOUS

PDF

Size: 16.7 KB
Created: 2019-05-05 16:07:05 +01:00
Authoring application: mPDF 5.7
MD5: fd86c5b5642569e1c41cb6f66a38f102
SHA-1: 89587618f613967aa0dcb16bdcf4004af79ca578
SHA-256: e343979aebb42880740c6a5f29e2462a98515675da4c8007528e893924a30c87
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, flagged by the PDF_SEO_LINK_FARM heuristic. While the specific URLs appear benign, the sheer volume and the ML classifier's high confidence score suggest malicious intent, likely SEO manipulation or distribution of further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.