Malicious PDF — malware analysis report

Static analysis result for SHA-256 49181246df1503bd…

MALICIOUS

PDF

16.1 KB Created: 2019-11-28 22:23:42 +00:00 Authoring application: mPDF 5.7
MD5: c7247edb5c11ccc2573062a6202132b6 SHA-1: f9ba0f9e87700008eb00b1583d58255fc802ab44 SHA-256: 49181246df1503bd9619329e3ea92121501f775086eae7d9b5efe421c065db30
90 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to a single domain, cefasfese.4pu.com, which is indicative of a link farm or SEO poisoning attack. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample. The primary attack pattern involves directing users to a large collection of external PDF files, likely as a form of spam or to host malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9811

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese.4pu.com/4739737730738734/Fortunes-of-War-The-Balkan-Trilogy-by-Olivia-Manning.pdf
    • http://cefasfese.4pu.com/1739736738739733/The-Great-Fortune-Balkan-Trilogy-1-by-Olivia-Manning.pdf
    • http://cefasfese.4pu.com/2732732733732736/The-Levant-Trilogy-by-Olivia-Manning.pdf
    • http://cefasfese.4pu.com/1730739733730733735/Balkan-Food-Traditional-Balkan-HomeMade-Recipes-for-Beginners-by-The-Balkans.pdf
    • http://cefasfese.4pu.com/3733734734739730/Balkan-Beauty-Balkan-Blood-Modern-Albanian-Short-Stories-by-Robert-Elsie.pdf
    • http://cefasfese.4pu.com/3735736738736736/Witch-Way-Bends-Bend-Bite-Shift-Trilogy-1-by-Olivia-Hardin.pdf
    • http://cefasfese.4pu.com/2733737734730/Tarzan-The-Complete-Russ-Manning-Newspaper-Strips-Volume-1-1967-1969-by-Russ-Manning.pdf
    • http://cefasfese.4pu.com/8736738730730732/Olivia-and-the-Blueberry-Muffins-Olivia-and-Claire-Book-2-by-Shelle-Allen.pdf
    • http://cefasfese.4pu.com/3738735730731737/The-Manning-Sisters-Manning-Sisters-1-2-by-Debbie-Macomber.pdf
    • http://cefasfese.4pu.com/3732733739732739/Love-and-War-in-London-The-Mass-Observation-Wartime-Diary-of-Olivia-Cockett-by-Olivia-Cockett.pdf
    • http://cefasfese.4pu.com/3735734738736739/Santa-Olivia-Santa-Olivia-1-by-Jacqueline-Carey.pdf
    • http://cefasfese.4pu.com/3739734737731733/Santa-Olivia-Santa-Olivia-No-1-by-Jacqueline-Carey.pdf
    • http://cefasfese.4pu.com/6739734739731731/Fortunes-of-War-by-Gordon-Zuckerman.pdf
    • http://cefasfese.4pu.com/3739737737731732/The-Fortunes-Five-by-Leslie-Margolis.pdf
    • http://cefasfese.4pu.com/1730739732738736733/The-Balkan-Assignment-by-Joe-Poyer.pdf
    • http://cefasfese.4pu.com/4735730730731732/The-Fortunes-of-Indigo-Skye-by-Deb-Caletti.pdf
    • http://cefasfese.4pu.com/4730730734738736/Fortunes-of-Love-by-Caroline-Courtney.pdf
    • http://cefasfese.4pu.com/1730739732739733732/Balkan-Cookbook-The-by-Vladimir-Mirodan.pdf
    • http://cefasfese.4pu.com/1730739732737731731/The-Balkan-Wars-by-Andr-Gerolymatos.pdf
    • http://cefasfese.4pu.com/1730737735738730731/The-Fortunes-of-the-Farrells-by-Mrs-George-de-Horne-Vaizey.pdf
    • http://cefasfese.4pu.com/3732733739732

Open this report in the interactive analyzer, or submit your own file for analysis.