Malicious PDF — malware analysis report

Static analysis result for SHA-256 1a385d948830d947…

MALICIOUS

PDF

Size: 18.3 KB
Created: 2019-11-07 10:07:43 +00:00
Authoring application: mPDF 5.7
MD5: d54b14b62e478faf29c6a57627afec73
SHA-1: a2545a15a2d23312f06eaf52f150c96a6e4dfbb8
SHA-256: 1a385d948830d9479de39b21ea5fff3cc02c7176a33344ebe2cebe27ab0a6c8a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. While most of these links were classified as benign, the sheer volume and the nature of the heuristic suggest malicious intent, possibly SEO manipulation or distribution of further malicious content. The ML_NYX_PDF_MALICIOUS classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9912

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.