Malicious PDF — malware analysis report

Static analysis result for SHA-256 eca4ae217f865e55…

MALICIOUS

PDF

Size: 14.7 KB
Created: 2019-04-30 01:57:23 +01:00
Authoring application: mPDF 5.7
MD5: 416dbab4e6d4ad826c1ac5625f932464
SHA-1: 6bd538e7c3174f3de3b4d4424cc48749b8ca4bdc
SHA-256: eca4ae217f865e55b6efff3c43fff6ac4e8444686eda089fadab7a1be4a6e31e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently classified as benign, their sheer volume and structure suggest malicious intent, possibly SEO poisoning or use as a landing page for further malicious activity. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.