Malicious PDF — malware analysis report

Static analysis result for SHA-256 39285ca703cacc71…

MALICIOUS

PDF

Size: 15.9 KB
Created: 2019-09-06 06:45:06 +01:00
Authoring application: mPDF 5.7
MD5: cb9785faec2f5cac2ae6a9de792a747e
SHA-1: 72a1cdc93b529ae4ddc7b2abe36144b2b2c91f44
SHA-256: 39285ca703cacc71473b95b0738e41bf2716ec6b0ccc6e5b3043bb58ce4f380f
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a multitude of external websites, likely for SEO manipulation or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9892

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.