Malicious PDF — malware analysis report

Static analysis result for SHA-256 0d359174ab1ef484…

MALICIOUS

PDF

Size: 17.7 KB
Created: 2019-05-02 06:47:08 +01:00
Authoring application: mPDF 5.7
First seen: 2021-06-17
MD5: 168a0f5601d4a33da2fcafb16af3d4a7
SHA-1: f4a2e552180234fa1b3e1141d7d788c62b85ae98
SHA-256: 0d359174ab1ef48459979a808dfa9cd74923ccadd69d89cea8e5ec4ddf47e506
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm. While most linked URLs are marked as benign, the sheer volume and the firing of the link-farm heuristic indicate malicious intent, likely SEO manipulation or redirection of users to potentially harmful content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.