Malicious PDF — malware analysis report

Static analysis result for SHA-256 14fa712c6f60f534…

MALICIOUS

PDF

File size: 14.3 KB
Created: 2019-11-07 09:46:40 +00:00
Authoring application: mPDF 5.7
MD5: 2fd5e6f3136f0cbb12bd76039cb4d89d
SHA-1: 97adc25a8c274466b4154349a61d6f34453dad06
SHA-256: 14fa712c6f60f5343d56d644dcb5780786c9f72bc90e56245c93faa15c64387e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which is indicative of malicious SEO manipulation or a link distribution scheme. While the document body is heavily obfuscated, the presence of numerous external links suggests an attempt to redirect the user to potentially malicious websites. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.