Malicious PDF — malware analysis report

Static analysis result for SHA-256 f1cfebc8932cae97…

MALICIOUS

PDF

Size: 13.1 KB
Created: 2019-05-02 19:39:45 +01:00
Authoring application: mPDF 5.7
MD5: 67726c926892a375cada903ddbbbb225
SHA-1: 54f064a551ad3ff7fc7a78627f49d29e937c533f
SHA-256: f1cfebc8932cae97849b4b30ba38e5c3f16a9b9e862b5c794e7d0a98988d529f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this sample as malicious. The primary attack pattern involves a link farm designed to redirect users to potentially harmful content hosted on the `muicuiu.dumb1.com` domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8891

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.