Malicious PDF — malware analysis report

Static analysis result for SHA-256 50d9910954ef9ea3…

MALICIOUS

PDF

Size: 16.9 KB
Created: 2019-05-01 11:32:09 +01:00
Authoring application: mPDF 5.7
MD5: 6b94344280c4b0761d0782d0f299d4a6
SHA-1: 8d257f45ca3ef7215ea0c3ca5071a435524711c4
SHA-256: 50d9910954ef9ea38608f7fac12300df2e8ca7262d17ef70ecbc2773e3cf7504
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs, forming a link farm. The ClamAV detection indicates this is a known dropper. The primary attack pattern involves redirecting users to a multitude of external PDF documents, likely for SEO poisoning or to host malicious content.

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7374828-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7374828-0
  • Embedded URL info (rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.