Malicious PDF — malware analysis report

Static analysis result for SHA-256 3549a4d32aae85c0…

MALICIOUS

PDF

Size: 17.1 KB
Created: 2019-05-02 05:27:03 +01:00
Authoring application: mPDF 5.7
MD5: 670630b9ecda11a9c38bfa94f6927f4f
SHA-1: 2fa382985ceb97a2e6a3928b4fb19aa0d9a3ad8e
SHA-256: 3549a4d32aae85c033dbe0ff63c65156278eca1a7494f5be9962cb5a9938e56b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a link farm with 23 external links, many of which point to other PDFs. The primary heuristic indicates a critical finding related to this link farm. While the document body is heavily obfuscated, the presence of numerous links suggests a tactic to drive traffic to external resources, potentially for SEO manipulation or to host malicious content. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.