Malicious PDF — malware analysis report

Static analysis result for SHA-256 4e1ed9f9ee7eb4bd…

MALICIOUS

PDF

17.2 KB Created: 2019-05-03 05:08:38 +01:00 Authoring application: mPDF 5.7
MD5: 9bad654d6f666fd758d140a7c033a65d SHA-1: d8a0909a9f75aa843f2f88d07c97587a3c7bd147 SHA-256: 4e1ed9f9ee7eb4bd17650cbc06c104b0d8a2e201151c635cdacc202b8468a4cf
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF document was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, characteristic of a link farm or SEO manipulation tactic. While the specific intent of these links is unclear due to their benign reputation, the sheer volume and the critical heuristic firing suggest a malicious purpose, potentially to distribute further malware or engage in phishing. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese.4pu.com/9738733738736732/Maria-Stuart-v-llig-neu-bearbeitet-reich-bebildert-zahlreiche-Einf-gungen-Stammtafel-Stefan-Zweig-B-cher-8-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/9738733738735730/Marie-Antoinette-v-llig-neu-bearbeitet-bebildert-zahlreiche-Einf-gungen-Bildnis-eines-mittleren-Charakters-Stefan-Zweig-B-cher-9-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/9733733730736735/Ungeduld-des-Herzens-Roman-Der-einzige-beendete-Roman-des-Autors-Stefan-Zweig-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/5737730739733731/The-Collected-Novellas-of-Stefan-Zweig-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/5737730739738731/Married-to-Stefan-Zweig-by-Friderike-Zweig.pdf
    • http://cefasfese.4pu.com/5730731732733738/Chess-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/1730731733738732737/Skaknovelle-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/6735733734736/Journey-into-the-Past-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/1733736737734730/Amok-and-Other-Stories-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/4735738734734/Invisible-Collection-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/5738735736734735/Impatience-of-the-Heart-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/9735734737738730/D-mmerung-Erz-hlungen-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/6730733732735735/Erinnerungen-an-Emile-Verhaeren-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/3733732731730737/The-Society-of-the-Crossed-Keys-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/1730735731732735733/Vergessene-Tr-ume-Erz-hlungen-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/4736730730730730/The-World-of-Yesterday-Memoirs-of-a-European-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/1731738734739735732/Die-Reise-in-die-Vergangenheit-und-andere-Erz-hlungen-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/4731737732737735/Amerigo-A-Comedy-of-Errors-in-History-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/1730734730736734737/Sternstunden-der-Menschheit-Zw-lf-historische-Miniaturen-by-Stefan-Zweig.pdf
    • http://cefasfese.4pu.com/5734734734732739/24h-de-la-vie-d-une-femme-suivi-de-Le-Voyage-dans-le-pass-by-Stefan-Zweig.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.