Malicious PDF — malware analysis report

Static analysis result for SHA-256 46ef5c80c39b9d06…

MALICIOUS

PDF

Size: 14.0 KB
Created: 2019-12-12 13:05:23 +00:00
Authoring application: mPDF 5.7
MD5: 7680e2c5e189eb494d8ccb82570be696
SHA-1: fcbfdc9ef013d517d803aa6e630d8e6f880b0a44
SHA-256: 46ef5c80c39b9d064f21c74a4098d55be7ce75641994b989ee770a6187384d87
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, their sheer volume and structure suggest malicious intent, possibly SEO manipulation or distribution of further malicious content. No scripts were extracted from this sample, and the document body was not readable.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.