Malicious PDF — malware analysis report

Static analysis result for SHA-256 46d67b2d3b5b076e…

MALICIOUS

PDF

14.1 KB
Created: 2019-05-02 05:47:34 +01:00
Authoring application: mPDF 5.7
MD5: efc6a3985ff3a4e295a9c80b2fc0c306
SHA-1: a18fb3e57bd931131614864154ff205927dbeb3f
SHA-256: 46d67b2d3b5b076e15224ceb013ce817938176340bd54e5034923f864990ed5d
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF contains a large number of embedded links, flagged by the PDF_SEO_LINK_FARM heuristic, suggesting a tactic to manipulate search engine results or distribute content. While the URLs themselves are currently marked as benign, the sheer volume and the heuristic's critical severity indicate malicious intent, likely to lure users to malicious sites or to download further payloads. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.