Malicious PDF — malware analysis report

Static analysis result for SHA-256 e8b86e78d7798e73…

MALICIOUS

PDF

Size: 20.0 KB
Created: 2020-03-20 13:11:17 +00:00
Authoring application: mPDF 5.7
MD5: 7daf3ff3274f3e05e4421e0b294c45ab
SHA-1: 119cf83545880216335987cb37989cf9c5377ad0
SHA-256: e8b86e78d7798e73e7938bfcdd9affd944098232b18cefc8348e874cfcdbd49c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, all pointing to the same domain 'calistazz.myhome.cx'. This suggests a link farm or a redirection mechanism to distribute malicious content. No scripts were extracted from this sample. The primary attack pattern observed is the mass distribution of external links.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.