Malicious PDF — malware analysis report

Static analysis result for SHA-256 50ac6a9fcf06a541…

MALICIOUS

PDF

Size: 17.3 KB
Created: 2019-11-07 09:46:09 +00:00
Authoring application: mPDF 5.7
MD5: 746a00e41ce2ea8e4f3bed1028d34d4d
SHA-1: c6f204f0d400bebea6d1f3338f4bbd8b20461159
SHA-256: 50ac6a9fcf06a541ee4a2c7e7e6b71c172e3cabf3c85ab772eb4b4192b676aaf
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external websites, which matched the PDF_SEO_LINK_FARM heuristic. Although the document body is unreadable, the number of links suggests malicious intent, possibly SEO spam or distribution of further malicious content. No scripts were extracted, and the family is unknown.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.