Malicious PDF — malware analysis report

Static analysis result for SHA-256 0bd364891b42e42f…

MALICIOUS

PDF

Size: 15.7 KB
Created: 2019-05-03 05:45:05 +01:00
Authoring application: mPDF 5.7
MD5: 4a3a09d7bcb7fc20ed70a7202fadaa77
SHA-1: 5bcc377d6892131432f93a3918a5e1f2b8d2dd9c
SHA-256: 0bd364891b42e42f7a1a76e367f65431b2c8e350e75590e9b5c6c47e77864467
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. Although the extracted URLs are currently marked as benign, their sheer volume and the nature of the heuristic suggest malicious intent, possibly SEO manipulation or hosting of further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9880)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.