Malicious PDF — malware analysis report

Static analysis result for SHA-256 58e636a0e3565ae6…

Verdict: MALICIOUS
File type: PDF
Size: 13.8 KB
Created: 2019-05-02 07:04:08 +01:00
Authoring application: mPDF 5.7
MD5: a0626aee0c91baee8164f552080d7ab2
SHA-1: 7e66212ea67984be38a9fe9c704d29d9e38f7b29
SHA-256: 58e636a0e3565ae6043bc150f3c4bdff59e63a75334c953dee0aed34f1bba4c6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Link
  • T1059.001 Command and Scripting Interpreter: PowerShell (not supported by the extracted artefacts: no scripts were recovered from this file, so treat this mapping as unverified)

The PDF was classified as malicious by the machine-learning model (score 0.9798) and carries an unusually large number of clickable external link annotations for a 13.8 KB file. Every extracted link points at the same host, and the targets are PDF paths named after e-book titles under varying numeric path segments (several titles recur under different segments), which is the signature of a generated SEO/link-farm carrier rather than a document citing sources. The individual URLs currently carry no malicious reputation, but reputation lookups lag behind freshly created link-farm hosts, so the verdict rests on the volume of links and the critical heuristic rather than on per-URL labels. The likely intent is to route users into download chains for further payloads or into SEO and affiliate scams. No scripts were extracted, so the file shows no direct execution capability of its own; the risk lies in where its links lead.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://cefasfese.4pu.com/2734732736733734/Co-Ed-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/4733733739732732/The-Bet-The-Bet-1-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/3734738730731734/The-Bet-The-Bet-1-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/1733730734737739/The-Wager-The-Bet-2-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/4731731734734731/Strung-Seaside-0-5-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/2734732733738739/The-Parting-Gift-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/4735738735734734/Toxic-Ruin-2-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/4731735737/Keep-Seaside-Pictures-2-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/4733734730739731/Tear-Seaside-1-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/7738736735734/Tear-Seaside-1-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/3736736735733731/Compromising-Kessen-Vandenbrook-1-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/4739731731732733/Compromising-Kessen-Vandenbrook-1-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/3730734739/The-Matchmaker-s-Playbook-Wingmen-Inc-1-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/5737736733737739/Games-of-Love-T02-Le-D-sir-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/6731735730/Enrage-Eagle-Elite-8-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/9735735733736738/Games-of-Love---Bitters-e-Sehnsucht-The-Bet-1-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/5737730734/Cheater-s-Regret-Curious-Liaisons-2-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/9730730733736738/Games-of-Love---Unendliches-Verlangen-The-Bet-2-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/8738733738739/The-Seduction-of-Sebastian-St-James-The-House-of-Renwick-2-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com/2734732733739732/The-Wolf-s-Pursuit-London-Fairy-Tales-3-by-Rachel-Van-Dyken.pdf
    • http://cefasfese.4pu.com
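A detector for the pattern the PDF_SEO_LINK_FARM heuristic and the EMBEDDED_URL channel label describe, written as an added example for this report (it is not the analysis vendor's code): it extracts /URI link-action targets from a PDF, inflates FlateDecode streams so links packed into object streams are not missed, and flags a small file whose links are numerous and clustered on one host. The thresholds (64 KB, 10 links, 80 % host share), the function names, the one-page sample PDF built inline, and the unrelated example.com link are assumptions made for this illustration; the other sample URLs are taken from the list above.

```python
# Added example for this report, not the analysis vendor's detector: pulls /URI
# link-action targets out of a PDF (including Flate-compressed streams) and
# applies a PDF_SEO_LINK_FARM-style test. Thresholds, names and the sample
# document are assumptions made for this illustration.
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# /URI value of a link action: literal string (...) or hex string <...>.
_URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)")
# Stream bodies; a production scanner should honour /Length, not the delimiter.
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)


def extract_uri_links(buf: bytes) -> list:
    """Return http(s) URLs that appear as /URI link-action targets in buf."""
    urls = []
    for literal, hexstr in _URI_RE.findall(buf):
        if hexstr:
            raw = bytes.fromhex("".join(hexstr.decode("ascii").split()))
        else:
            raw = re.sub(rb"\\([()\\])", rb"\1", literal)  # undo \( \) \\ escapes
        url = raw.decode("latin-1").strip()
        if url.lower().startswith(("http://", "https://")):
            urls.append(url)
    return urls


def scan_pdf(pdf_bytes: bytes) -> list:
    """Unique link URLs from the raw file plus every Flate-inflatable stream."""
    buffers = [pdf_bytes]
    for body in _STREAM_RE.findall(pdf_bytes):
        try:
            buffers.append(zlib.decompress(body))
        except zlib.error:
            pass  # not Flate data: image, font or uncompressed content stream
    urls = [u for buf in buffers for u in extract_uri_links(buf)]
    return list(dict.fromkeys(urls))  # de-duplicate, keep first-seen order


def assess_link_farm(pdf_bytes: bytes, max_size=64 * 1024, min_links=10,
                     min_host_share=0.8) -> dict:
    """Flag a small PDF whose links are numerous and clustered on one host."""
    urls = scan_pdf(pdf_bytes)
    hosts = Counter((urlsplit(u).hostname or "").lower() for u in urls)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(urls) if urls else 0.0
    return {
        "size": len(pdf_bytes),
        "link_count": len(urls),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "pdf_targets": sum(urlsplit(u).path.lower().endswith(".pdf") for u in urls),
        "channel": "link annotation (/A << /S /URI >>)",  # the EMBEDDED_URL channel
        "flagged": (len(pdf_bytes) <= max_size and len(urls) >= min_links
                    and share >= min_host_share),
        "urls": urls,
    }


def build_sample_pdf(plain_urls, packed_urls) -> bytes:
    """Constructed test input, not the analysed sample: one /Link annotation per
    URL; packed_urls go into a Flate-compressed stream (a simplified object
    stream without /N or /First) so the inflate path is exercised. No xref."""
    def annot(num, url):
        return (f"{num} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
                f"/A << /S /URI /URI ({url}) >> >>\nendobj\n")
    total = len(plain_urls) + len(packed_urls)
    refs = " ".join(f"{4 + i} 0 R" for i in range(total))
    body = ("%PDF-1.5\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
            f"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] "
            f"/Annots [{refs}] >>\nendobj\n")
    body += "".join(annot(4 + i, u) for i, u in enumerate(plain_urls))
    packed = zlib.compress("".join(annot(4 + len(plain_urls) + i, u)
                                   for i, u in enumerate(packed_urls)).encode("latin-1"))
    out = body.encode("latin-1")
    out += (f"{4 + total} 0 obj\n<< /Type /ObjStm /Filter /FlateDecode "
            f"/Length {len(packed)} >>\nstream\n").encode("latin-1")
    return out + packed + b"\nendstream\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"


HOST = "http://cefasfese.4pu.com"
# Eight of the report's URLs, the bare host and one unrelated reference link,
# as constructed input mirroring the report's link pattern.
SAMPLE_URLS = [
    HOST + "/2734732736733734/Co-Ed-by-Rachel-Van-Dyken.pdf",
    HOST + "/4733733739732732/The-Bet-The-Bet-1-by-Rachel-Van-Dyken.pdf",
    HOST + "/1733730734737739/The-Wager-The-Bet-2-by-Rachel-Van-Dyken.pdf",
    HOST + "/4731731734734731/Strung-Seaside-0-5-by-Rachel-Van-Dyken.pdf",
    HOST + "/2734732733738739/The-Parting-Gift-by-Rachel-Van-Dyken.pdf",
    HOST + "/4735738735734734/Toxic-Ruin-2-by-Rachel-Van-Dyken.pdf",
    HOST + "/4731735737/Keep-Seaside-Pictures-2-by-Rachel-Van-Dyken.pdf",
    HOST + "/4733734730739731/Tear-Seaside-1-by-Rachel-Van-Dyken.pdf",
    HOST,
    "https://example.com/reference.html",
]
SAMPLE_PDF = build_sample_pdf(SAMPLE_URLS[:5], SAMPLE_URLS[5:])
```

Calling `assess_link_farm(SAMPLE_PDF)` on the constructed document reports 10 links, a 0.9 share on cefasfese.4pu.com, 8 targets ending in .pdf and a `flagged` verdict, while a two-link document built with the same helper is not flagged. Real generators such as mPDF often place annotations inside compressed object streams, which is why the scanner inflates every stream it can instead of trusting the raw bytes; on a real sample the host share and the repeated e-book-title paths are the two fields worth eyeballing before trusting per-URL reputation.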