Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc7c6cf1178614d6…

MALICIOUS

PDF

Size: 15.7 KB
Created: 2019-04-30 02:04:28 +01:00
Authoring application: mPDF 5.7
MD5: b9084bd3ddf2de08d17f55bb896af77d
SHA-1: eac60791829997d35df7268d1045ed2d308aedaa
SHA-256: fc7c6cf1178614d647e2871aff2cf3e8f2a735677f9fdffccbb3c53a4868caea
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, flagged by the PDF_SEO_LINK_FARM heuristic. While most of these links point to benign content, the sheer volume and the ML_NYX_PDF_MALICIOUS classification suggest malicious intent, likely to manipulate search engine results or distribute malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.