Malicious PDF — malware analysis report

Static analysis result for SHA-256 eb127d10267db98a…

MALICIOUS

PDF

Size: 13.7 KB
Created: 2020-03-18 23:00:47 +00:00
Authoring application: mPDF 5.7
MD5: 38080502c6c75215f0b17f8b46b1c48b
SHA-1: 79aee6b87e3185f1e98114d07f2268f654059ef5
SHA-256: eb127d10267db98a6f5d8426a00f8f7799b6a8c6414bfdfe0787f7400d9d9dd1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to various book titles, suggesting a tactic to drive traffic to potentially malicious or spam-laden websites. The ML classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.