Malicious PDF — malware analysis report

Static analysis result for SHA-256 24a09b8c6d16ec1a…

MALICIOUS

PDF

14.7 KB
Created: 2019-11-07 21:08:38 +00:00
Authoring application: mPDF 5.7
MD5: 72f762f78fd396610eacc40795ddb3b7
SHA-1: af2f1aa71d0f65ed36d558b5fe6d5c21b90967da
SHA-256: 24a09b8c6d16ec1a2536ad99b42148ef21f6f3dcf1acc5f20c17c513ef2b93a2
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume and structure suggest malicious intent, possibly SEO manipulation or hosting of further malicious content. No scripts were extracted from this sample. The attack pattern is inferred from the link farm heuristic.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese.4pu