Malicious PDF — malware analysis report

Static analysis result for SHA-256 0d02e4fb45fb17b8…

MALICIOUS

PDF

16.1 KB
Created: 2019-05-03 06:18:18 +01:00
Authoring application: mPDF 5.7
MD5: 8c5875a60b074eeeac99ff3b03d3d0a0
SHA-1: bd39e0e43d1d6ebbe5f782eb9f30e46dd3c049c7
SHA-256: 0d02e4fb45fb17b890f2858d505c4436215d57d58107bca95adc5998cc3e30bc
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently classified as benign, the sheer volume and the firing of the 'PDF_SEO_LINK_FARM' heuristic suggest malicious intent, possibly SEO manipulation or indirect hosting of malicious content. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9811

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.