Malicious PDF — malware analysis report

Static analysis result for SHA-256 475b77a9cde4dcbc…

MALICIOUS

PDF

Size: 14.1 KB
Created: 2019-04-30 07:45:43 +01:00
Authoring application: mPDF 5.7
MD5: 5f4ea618dd26f1953896a8d15ee83951
SHA-1: 3d4c8ed68cfdd436a0c04ddc2554b7cf1c516a50
SHA-256: 475b77a9cde4dcbc42269358193cfd42ebd46d788b508c1f1b2125e864d0b1df
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently classified as benign, their sheer volume and structure suggest malicious intent, possibly SEO poisoning or a lure for further malicious activity. No scripts were extracted, which limits the ability to determine a specific payload delivery mechanism.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.