Malicious PDF — malware analysis report

Static analysis result for SHA-256 e764976afb251dbd…

MALICIOUS

PDF

  • File size: 26.8 KB
  • Created: 2019-05-02 19:08:41 +01:00
  • Authoring application: mPDF 5.7
  • MD5: efe229cee6fdd5dcdfd7a5d034ac6477
  • SHA-1: f821c26aab8aa9caa1c38213772565b1bcf33a17
  • SHA-256: e764976afb251dbd23ce50a664867d4f5689161362141f2462756b7a80dd1d8a
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, flagged by the PDF_SEO_LINK_FARM heuristic. Although many of these links point to what appear to be benign book titles, the sheer volume and the use of a dynamic DNS domain (duckdns.org) suggest malicious intent, possibly SEO poisoning or hosting of malicious redirects. The ML_NYX_PDF_MALICIOUS classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9908

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.