Malicious PDF — malware analysis report

Static analysis result for SHA-256 5c9957841a69b1c2…

MALICIOUS

PDF

12.6 KB Created: 2019-05-02 06:11:36 +01:00 Authoring application: mPDF 5.7
MD5: 0fa62ac3412c854d3a679a7659a6ad3f SHA-1: 8e1802cf73f238e8a4502a9af5627e7ced26bbf7 SHA-256: 5c9957841a69b1c23bb6f942c893b5054475ba2733894c22a155c8eea80118ce
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm, which suggests it is used to distribute malicious content or lead users to phishing pages. No scripts were extracted, but the PDF structure and the sheer volume of links strongly indicate malicious intent, likely related to social engineering or malware distribution. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.