Malicious PDF — malware analysis report

Static analysis result for SHA-256 310db232f5fd9eb9…

MALICIOUS

PDF

16.5 KB
Created: 2020-01-03 01:53:43 +00:00
Authoring application: mPDF 5.7
MD5: e1b1efde32e67a14f3547320ebad06e6
SHA-1: 5ee35fbe897533965bec28da39caca94e17621b8
SHA-256: 310db232f5fd9eb900637d2426d6fd79173375033733f0ff8b3b5a621ae197af
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious with high confidence. The primary attack pattern appears to be the hosting of a link farm, likely to manipulate search engine results or to serve as a distribution point for further malicious content, rather than direct user interaction within the document itself.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9811

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.