Malicious PDF — malware analysis report

Static analysis result for SHA-256 f40a4a4e604cf5d4…

MALICIOUS

PDF

Size: 16.4 KB
Created: 2019-04-30 05:24:29 +01:00
Authoring application: mPDF 5.7
MD5: 3caa6eec8d63a4ec775d1b2e030c3b0d
SHA-1: b7018ea178f387299437a82e3653a62d4dcadb2c
SHA-256: f40a4a4e604cf5d4956ab9b3826fd67e1e4909477e902e9181b7303bfda70846
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. Although the URLs themselves are currently marked as benign, their sheer volume and structure suggest malicious intent, likely to redirect users to malicious content or to perform SEO poisoning. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.