Malicious PDF — malware analysis report

Static analysis result for SHA-256 5bec7793c56ec1fb…

MALICIOUS

PDF

Size: 17.6 KB
Created: 2019-11-09 22:46:17 +00:00
Authoring application: mPDF 5.7
MD5: b38a5cdb1974ec5a234e7e262fe9bc4a
SHA-1: ddcc4ae2e92f76e0bc97c7111696ce178446b23f
SHA-256: 5bec7793c56ec1fbc5f5c322cd8bcc23da7b077d963618335f99c8b57fa58ba9
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to a domain that appears to be hosting numerous book-related PDFs. This pattern is indicative of a link farm or SEO manipulation, likely intended to drive traffic or potentially serve as a lure for malicious content. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.