Malicious PDF — malware analysis report

Static analysis result for SHA-256 f2ee87780d0bd7ac…

MALICIOUS

PDF

19.2 KB Created: 2019-04-30 04:18:21 +01:00 Authoring application: mPDF 5.7
MD5: a65c50b3016f3f22bf584d1c2af54b4d SHA-1: 2a6aadf2033745258e6c08aff8ffbc2ac2d29043 SHA-256: f2ee87780d0bd7ac5059dd38e7de8a59b96c30b6970999f0ceed3b19ab4a6b27
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. While many of these links were flagged as confirmed_benign, the sheer volume and the ML_NYX_PDF_MALICIOUS classification suggest a malicious intent, possibly for SEO manipulation or as a lure for further malicious downloads. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9920

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1.com/4a05a04a07a02a01/You-Know-I-Can-t-Hear-You-When-the-Water-s-Running-by-Robert-Woodruff-Anderson.pdf
    • http://muicuiu.dumb1.com/5a04a07a02a08a06/Solitaire-amp-Double-Solitaire-by-Robert-Woodruff-Anderson.pdf
    • http://muicuiu.dumb1.com/1a03a07a02a08a09/Green-Grass-Running-Water-by-Thomas-King.pdf
    • http://muicuiu.dumb1.com/4a04a04a09a03/Green-Grass-Running-Water-by-Thomas-King.pdf
    • http://muicuiu.dumb1.com/3a06a08a07a06a06/Running-on-Empty-Contemplative-Spirituality-for-Overachievers-by-Fil-Anderson.pdf
    • http://muicuiu.dumb1.com/4a09a06a06a00a09/1001-Songs-You-Must-Hear-Before-You-Die-by-Robert-Dimery.pdf
    • http://muicuiu.dumb1.com/5a09a01a04a06/Running-Through-Corridors-Volume-1-The-60s---Rob-and-Toby-s-Marathon-Watch-of-Doctor-Who-by-Robert-Shearman.pdf
    • http://muicuiu.dumb1.com/1a07a02a03/Dreamland-by-Robert-L-Anderson.pdf
    • http://muicuiu.dumb1.com/3a04a01a05a06a01/Water-s-Edge-by-Robert-Whitlow.pdf
    • http://muicuiu.dumb1.com/6a06a06a00a03a04/Paul-Gauguin-by-Robert--Anderson.pdf
    • http://muicuiu.dumb1.com/2a05a00a09a02a07/Mindful-Running-How-Meditative-Running-can-Improve-Performance-and-Make-you-a-Happier-More-Fulfilled-Person-by-MacKenzie-L-Havey.pdf
    • http://muicuiu.dumb1.com/4a02a03a00/Dark-Water-Detective-Erika-Foster-3-by-Robert-Bryndza.pdf
    • http://muicuiu.dumb1.com/2a05a04a07a00a08/The-Generals-Ulysses-S-Grant-amp-Robert-E-Lee-by-Nancy-Scott-Anderson.pdf
    • http://muicuiu.dumb1.com/2a05a01a07a01a04/Running-With-the-Devil-Running-1-by-Lorelei-James.pdf
    • http://muicuiu.dumb1.com/4a07a06a03a05/Dark-Water-Flood-and-Redemption-in-the-City-of-Masterpieces-by-Robert-Clark.pdf
    • http://muicuiu.dumb1.com/1a08a02a06a06a01/Plausibility-by-Jettie-Woodruff.pdf
    • http://muicuiu.dumb1.com/2a05a00a08a09a07/Barefoot-Running-Step-by-Step-Barefoot-Ken-Bob-The-Guru-of-Shoeless-Running-Shares-His-Personal-Technique-by-Roy-Wallack.pdf
    • http://muicuiu.dumb1.com/3a04a01a00a09a06/Water-Is-The-Indispensability-of-Water-in-Society-and-Life-by-Seth-B-Darling.pdf
    • http://muicuiu.dumb1.com/3a04a03a04a01a03/Wes-Anderson-Collection-Bad-Dads-Art-Inspired-by-the-Films-of-Wes-Anderson-by-Spoke-Gallery.pdf
    • http://muicuiu.dumb1.com/1a08a02a04a06a07/This-Too-Shall-Pass-Time-2-by-Jettie-Woodruff.pdf
    • http://muicuiu.dumb1.com/6a06a06a00a03a04/Paul-Gauguin-by-Robert--And

Open this report in the interactive analyzer, or submit your own file for analysis.