Malicious PDF — malware analysis report

Static analysis result for SHA-256 27684a6fae26b6f0…

MALICIOUS

PDF

Size: 13.6 KB
Created: 2019-05-02 17:25:02 +01:00
Authoring application: mPDF 5.7
MD5: 736103a06345c4bcd7010f886547e44e
SHA-1: c512c0a9192d4bbcc4602a1f82047039ed26fc26
SHA-256: 27684a6fae26b6f0d05e88dedd535ff8f3b579fe4ad4b9ddff7cf8ee157d5f8e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm. While the URLs themselves are marked as benign, the sheer volume of links and the nature of the heuristic suggest malicious intent: to drive traffic or potentially to host further stages of an attack. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.