Malicious PDF — malware analysis report

Static analysis result for SHA-256 263ce282fb323694…

MALICIOUS

PDF

File size: 18.2 KB
Created: 2019-11-07 22:58:06 +00:00
Authoring application: mPDF 5.7
MD5: 4a9d672bc14ca6e4e50fa516f080bca0
SHA-1: a99c974d5a60001c57217eb029a57dd3f3a578db
SHA-256: 263ce282fb323694d7e5ec670c25792498a36175d4740b43fc514d153121c721
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a significant number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. While most of these URLs were marked as benign, their sheer volume and structure suggest malicious intent, possibly SEO poisoning or distribution of further malicious content. The DOC BODY section, though heavily obfuscated, also contains URLs pointing to the same domain.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.