Malicious PDF — malware analysis report

Static analysis result for SHA-256 07b71535daf60106…

MALICIOUS

PDF

17.1 KB Created: 2019-11-28 22:23:57 +00:00 Authoring application: mPDF 5.7
MD5: d317cecd92646281d8f7bc0189cbb2fc SHA-1: 08aab964d25af689e9d21fa6e24e9b2d9cf7b5d9 SHA-256: 07b71535daf60106f870f7ae5806c32e18ad739c83feac78055f6448574d1210
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files hosted on the domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or a mechanism to distribute further malicious content. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9788

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese.4pu.com/8730733739739733/Lucas-Sur-La-Route-with-CD-Lire-En-Francais-Facile-B1-by-LaMarche.pdf
    • http://cefasfese.4pu.com/8732735732737731/Les-Fran-ais-id-es-re-ues-sur-les-Fran-ais-by-Nelly-Mauchamp.pdf
    • http://cefasfese.4pu.com/4735733730739/Across-The-Hall-by-N-M-Facile.pdf
    • http://cefasfese.4pu.com/9734733738733732/Dictionary-for-Automotive-Engineering-Dictionnaire-Du-Genie-Automobile-Worterbuch-Fur-Kraftfahrzeugtechnik-English-French-German-with-Explanations-of-French-and-German-Terms-Anglais-Francais-Allemand-Avec-Definitions-Des-Termes-Francais-Et-Allem-by-Jean-de-Coster.pdf
    • http://cefasfese.4pu.com/7738730739733738/Tricot-facile-pour-b-b-by-Various.pdf
    • http://cefasfese.4pu.com/7738731731737734/Tricot-facile-en-20-le-ons-by-Erika-Knight.pdf
    • http://cefasfese.4pu.com/6736730737731738/-facile-vivere-a-lungo-se-sai-come-fare-by-Seneca.pdf
    • http://cefasfese.4pu.com/7737735739734733/Lucas-Davenport-Novels-1-5-Lucas-Davenport-1-5-by-John-Sandford.pdf
    • http://cefasfese.4pu.com/7733732731738736/Proie-facile-Rivages-Noir-by-John-Harvey.pdf
    • http://cefasfese.4pu.com/8730730735733735/L-art-de-lire-by-mile-Faguet.pdf
    • http://cefasfese.4pu.com/5739732732733737/Lire-Didier-Daeninckx-by-Gianfranco-Rubino.pdf
    • http://cefasfese.4pu.com/8730730735733732/Second-Chance-Hearts-Holiday-Vermont-4-by-Heather-Lire.pdf
    • http://cefasfese.4pu.com/7737735735732733/Lire-Tintin-Les-Bijoux-ravis-by-Les-Impressions-nouvelles.pdf
    • http://cefasfese.4pu.com/3734735738739737/Five-Summers-by-Una-LaMarche.pdf
    • http://cefasfese.4pu.com/1732734731732739/Five-Summers-by-Una-LaMarche.pdf
    • http://cefasfese.4pu.com/1734739738737737/The-Raft-by-Jim-LaMarche.pdf
    • http://cefasfese.4pu.com/8730734730732734/The-Clich-ist-by-Amanda-Lamarche.pdf
    • http://cefasfese.4pu.com/8730734731730737/Je-Me-Veux-by-Claude-Lamarche.pdf
    • http://cefasfese.4pu.com/8730734731731735/The-Gumshoe-by-Kathleen-Lamarche.pdf
    • http://cefasfese.4pu.com/8730734731731732/ABA-Overview-by-Michele-Lamarche.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.