Malicious PDF — malware analysis report

Static analysis result for SHA-256 34b6980790768c1c…

Verdict: MALICIOUS
File type: PDF
Size: 14.6 KB
Created: 2019-11-07 21:28:42 +00:00
Authoring application: mPDF 5.7
MD5: 399ecf4c10fa1a2f75ab41eb0ff7fd0e
SHA-1: 06cddfa87333ed5e1651fbff52d308fe671ae9a0
SHA-256: 34b6980790768c1c1486450fc40e3cd5eb56906c6f17f047779e285b48848185
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, all pointing to the same domain 'cefasfese.4pu.com'. While the individual URLs appear to link to book titles, the sheer volume and the nature of the heuristic suggest a link farm or SEO spamming operation. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://cefasfese.4pu.com/3734739737737739/Bite-the-Dust-Blood-and-Moonlight-1-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/2730735735736735/A-Bit-of-Bite-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/2730736735732735/A-Bit-of-Bite-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/1734738734733732/The-Better-to-Bite-Howl-1-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/2730736730730734/Bound-by-Blood-Bound-1-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/6730734737731/The-Dust-Lands-Trilogy-Blood-Red-Road-Rebel-Heart-Raging-Star-Dust-Lands-1-3-by-Moira-Young.pdf
    • http://cefasfese.4pu.com/1734735735737730/Die-For-Me-For-Me-1-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/8739733731739/Fear-For-Me-For-Me-2-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/3734737733738739/Need-Me-Dark-Obsession-3-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/4738736731736733/Wrecked-LOST-6-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/9739734735732737/Charming-the-Beast-Purgatory-3-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/4738732737734/I-ll-Be-Slaying-You-Night-Watch-2-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/9735735736734731/Firebird---Lodernde-Sehnsucht-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/1731736730738/Angel-in-Chains-The-Fallen-3-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/1731732738730734738/Undead-Or-Alive-Bad-Things-3-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/4737738730737/Angel-Betrayed-The-Fallen-2-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/3734739737738736/Deal-With-The-Devil-Purgatory-4-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/3734737733738737/Beware-of-Me-Dark-Obsession-4-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/6737738737735/Glitter-and-Gunfire-Shadow-Agents-4-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/3734739737738732/Suspicions-The-Battling-McGuire-Boys-3-by-Cynthia-Eden.pdf
    • http://cefasfese.4pu.com/4738732737734/I-ll-Be-Slaying-