Malicious PDF — malware analysis report

Static analysis result for SHA-256 6da6b4b18eb947b0…

MALICIOUS

PDF

File size: 15.8 KB
Created: 2019-05-03 06:06:28 +01:00
Authoring application: mPDF 5.7
MD5: 2db3e0a7e76e9d30da09a0ef68e419a7
SHA-1: bdd6f6b438973e2edb0cfc1d9f3e7a5b29e78ff3
SHA-256: 6da6b4b18eb947b09ef0ded446160add6b76e9671db86b8322aff41bf69fe14f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or SEO manipulation tactic. While most URLs are marked as benign, the sheer volume and the nature of the heuristic indicate a potentially malicious intent to drive traffic or host content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9800

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.