Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe7a54cd3f535653…

MALICIOUS

PDF

Size: 19.0 KB
Created: 2019-05-07 08:29:40 +01:00
Authoring application: mPDF 5.7
MD5: 2f4d19910ce196428e39aa38219e782a
SHA-1: 98eefcb1a708d89201bc8863c8dee8b5e45f772b
SHA-256: fe7a54cd3f535653bc4bdf2240f74d520a7112741640d84366d3aba247866524
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a link farm with 25 external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The embedded URLs, while individually marked as benign, collectively form a deceptive pattern designed to lead users to potentially malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9920

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.