Malicious PDF — malware analysis report

Static analysis result for SHA-256 440a404ef166a608…

MALICIOUS

PDF

27.8 KB
Created: 2020-01-02 06:04:24 +00:00
Authoring application: mPDF 5.7
MD5: 47ecbf4fa429b6884278d5e86e9a6dc0
SHA-1: 6dd4e79f6eed4eb73c24db67fa13f91655a75256
SHA-256: 440a404ef166a6083cf4cfa0025cadbfd58599ba85b20ec642cfb93ce57fc15d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF document contains a large number of embedded URLs, many of which are disguised as legitimate PDF file names related to the 'Jakobsweg' (Way of St. James). The heuristic 'PDF_SEO_LINK_FARM' indicates a mass of external links, suggesting a link farm or a phishing attempt to drive traffic to potentially malicious sites. The document body itself is heavily obfuscated and does not provide clear textual content, but the presence of numerous links points to a redirection or lure attack. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.