Malicious PDF — malware analysis report

Static analysis result for SHA-256 68b1b0ea90699f65…

MALICIOUS

PDF

13.8 KB
Created: 2019-05-02 05:39:56 +01:00
Authoring application: mPDF 5.7
MD5: 767dbcdbd90f476a528d171383ef2f55
SHA-1: 1673b56f6e6590a97a6847fa0cb2d6297547f1bc
SHA-256: 68b1b0ea90699f656c36866baf5603d63885066b8c5119ebe021de7f6ab2a5a5
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or SEO poisoning attempt. While the document body is heavily obfuscated, the presence of embedded URLs indicates an attempt to redirect the user to external content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of this file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.