Malicious PDF — malware analysis report

Static analysis result for SHA-256 08ce119c79dd88c3…

MALICIOUS

PDF

File size: 16.1 KB
Created: 2019-05-03 05:32:31 +01:00
Authoring application: mPDF 5.7
MD5: e57317aecb36edb3e70a4732b1c6bc95
SHA-1: ff03cf8b0919a875931b7974b69fd3609125c56c
SHA-256: 08ce119c79dd88c3a64b78be901c95c3dbf39dbd8212f3394e9d65d0f78dfe8f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, forming a link farm. Although the extracted URLs themselves are marked as benign, their sheer volume and the firing of the 'PDF_SEO_LINK_FARM' heuristic suggest malicious intent, possibly SEO manipulation or distribution of further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.