Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee9a4c9649751bcc…

MALICIOUS

PDF

15.6 KB
Created: 2019-04-30 02:44:34 +01:00
Authoring application: mPDF 5.7
MD5: 94f1d43abdda52282ca4d8d8621772bb
SHA-1: fa21483e3a28110b4ee09eed4ce4e4b4d2fec325
SHA-256: ee9a4c9649751bcce9b4f8163b9e1fe5edea08628a8b09f14c1b35e68a777bd2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, identified by the PDF_SEO_LINK_FARM heuristic. While the specific URLs appear to be benign book titles, the sheer volume and structure suggest a link farm or SEO spamming technique. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.