Malicious PDF — malware analysis report

Static analysis result for SHA-256 59d4a31e4dca6672…

MALICIOUS

PDF

Size: 15.3 KB
Created: 2019-04-30 08:07:57 +01:00
Authoring application: mPDF 5.7
MD5: e09e92956027ab2fff8ee2e8604a58c4
SHA-1: f4128d60482ce516f8701cff91eee4af09b68dcc
SHA-256: 59d4a31e4dca667240b137de7f60788a35a0940ac8037a2e524bb721ee80ed7e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high score. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly for distributing malware or phishing content, or for SEO poisoning. The primary IOC is the first URL found in the link farm.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9778

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Primary IOC (first link-farm URL): http://cefasfese.4pu.com/2737737734739732/The-Hawk-and-the-Dove-Trilogy-The-Hawk-and-the-Dove-1-3-by-Penelope-Wilcock.pdf