Malicious PDF — malware analysis report

Static analysis result for SHA-256 657c2bb0c60252b8…

MALICIOUS

PDF

15.5 KB
Created: 2019-05-04 11:45:00 +01:00
Authoring application: mPDF 5.7
MD5: 9dff82c3163441460f8a805a67cc00cc
SHA-1: 3b9391f984e6ccd42436b152c8f786467b28f525
SHA-256: 657c2bb0c60252b8b57c3bc8ab9f79612495a03eee0131f242be3aa3b094f617
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which are likely intended to redirect users to malicious sites. While the document body is heavily corrupted, the presence of numerous external links suggests a phishing or content-luring attack. No scripts were extracted, but the structure implies a potential for JavaScript execution within the PDF to facilitate link traversal.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.