Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa4b52cd0a09de83…

MALICIOUS

PDF

Size: 15.8 KB
Created: 2019-05-04 13:57:09 +01:00
Authoring application: mPDF 5.7
MD5: e2c77f4cd11985545c99fe3e7e877f0b
SHA-1: c5bf1b1ebca0cd5f11361093e9468af5adda0031
SHA-256: fa4b52cd0a09de831a23c7a85364b9cc25f81d7930d5c42b588ac71161a47ab6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs are presented in a way that suggests a link farm or a lure to external content, likely to drive traffic or distribute further malware. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9892

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.