Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4ef098ec201eb70…

MALICIOUS

PDF

19.2 KB
Created: 2020-03-14 00:13:34 +00:00
Authoring application: mPDF 5.7
MD5: a74ad239507bd1cc9c5407af928b32f4
SHA-1: 71061005640f5a1918944846d2bc635e64969205
SHA-256: e4ef098ec201eb707568d03986b294761a0176bd02d7c85a55b6a412881efffa
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs, flagged by the PDF_SEO_LINK_FARM heuristic. These links likely serve either to redirect users to malicious content or to manipulate search rankings (SEO). The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious verdict. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9940

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.