Malicious PDF — malware analysis report

Static analysis result for SHA-256 5774373442d7ed0c…

MALICIOUS

PDF

14.6 KB
Created: 2019-11-07 10:46:45 +00:00
Authoring application: mPDF 5.7
MD5: fa55b9c152c0ef443ef90c3e4b204464
SHA-1: dd6da6e48b2675ab450b912b0d3186529cd1f740
SHA-256: 5774373442d7ed0cf4ca18e016131f3ab7de2f02a0d031036b3237239e3bd0a4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While most of these links resolve to benign content, the sheer volume and the nature of the heuristic suggest malicious intent, possibly SEO manipulation or distribution of further malware. The ML classifier also flagged this PDF with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.