Malicious PDF — malware analysis report

Static analysis result for SHA-256 fd42b7815691aa03…

MALICIOUS

PDF

Size: 13.1 KB
Created: 2019-04-30 05:39:49 +01:00
Authoring application: mPDF 5.7
MD5: 1a1753b83170c59cc9cafe4db8a5fb84
SHA-1: 7069bbca75cdc6983c36160086153215415ec366
SHA-256: fd42b7815691aa036625dc91f53d0940ce8b12615f147e1100a5bf5024926d91
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, which were identified as a link farm. The ML classifier also flagged this PDF as malicious. Although the document body is heavily corrupted, the large number of links suggests an SEO poisoning or content redirection attack. No scripts were extracted, and the family is unknown.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8891

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.