Malicious PDF — malware analysis report

Static analysis result for SHA-256 03a38735e0a92ab9…

MALICIOUS

PDF

14.5 KB
Created: 2019-05-27 13:17:06 +01:00
Authoring application: mPDF 5.7
MD5: caba42acc5e4bd6eb50643f7c4b5549d
SHA-1: 9cba3335de76924c66d89b0df697144d09a24886
SHA-256: 03a38735e0a92ab9f9a52745f3f25e3598f698ea8092c6b28b3d98a416aac4a8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, identified by the PDF_SEO_LINK_FARM heuristic. While many of these URLs were flagged as benign, the sheer volume and the nature of the heuristic suggest malicious intent, possibly SEO poisoning or the distribution of further malicious content. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.