Malicious PDF — malware analysis report

Static analysis result for SHA-256 55cfb970fa0128fa…

MALICIOUS

PDF

Size: 14.8 KB
Created: 2019-05-03 05:10:09 +01:00
Authoring application: mPDF 5.7
MD5: 1f8be83329628efd0e3025a70c93c6ca
SHA-1: 824dc20e745e84c454b5b610f2ad001fc720baf2
SHA-256: 55cfb970fa0128fa04bdef0bf225845e45e2305e7e0d85bec565a65198ea0d2a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, as indicated by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume and the nature of the heuristic suggest malicious intent, possibly SEO spam or distribution of further malware. The ML classifier also strongly flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.