Malicious PDF — malware analysis report

Static analysis result for SHA-256 126fa0ebb2ee17c8…

MALICIOUS

PDF

Size: 16.3 KB
Created: 2020-01-02 06:02:51 +00:00
Authoring application: mPDF 5.7
MD5: 5ab3b947e9eaf89c0216f1db172cb09f
SHA-1: fee86199ebee1bb251a997b206c4a845e6bfcc5b
SHA-256: 126fa0ebb2ee17c84570115c08a5be9c623bf41c809511bfd7039e59308e329f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. Although many of these URLs are marked as benign, the sheer volume and the ML_NYX_PDF_MALICIOUS flag suggest malicious intent, possibly SEO manipulation or distribution of further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.