Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d2b512690ee9784…

MALICIOUS

PDF

Size: 15.0 KB
Created: 2019-05-03 17:54:40 +01:00
Authoring application: mPDF 5.7
MD5: 20f4a96e905480e1a98260d1a7366ba9
SHA-1: 807e86605a456e2e0e40c2ccce3dbed1dae2996c
SHA-256: 6d2b512690ee9784078458cac2f9703eb442a8513bd2e407b84a883baf5204a3
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded URLs pointing to external PDF files, many of which are hosted on the suspicious domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or a content-luring scheme, potentially designed to drive traffic or distribute further malicious content. The ML classifier also flagged this PDF as malicious, supporting the assessment of malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.