Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0422c52c0bf29b7…

MALICIOUS

PDF

Size: 13.7 KB
Created: 2020-03-21 08:57:12 +00:00
Authoring application: mPDF 5.7
MD5: 6e296bb7ab05377fa25997b1f750df24
SHA-1: e2790c77b5fe36ad03e172fe2fae596373c71fcc
SHA-256: f0422c52c0bf29b7acc7e38466958adaf8326569357c121dcbe38cd1d10ea0c2
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. The document body confirms the presence of these links, which all point to the same domain, kitasdyu.myhome.cx. This suggests a link farming or content distribution scheme. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.