Malicious PDF — malware analysis report

Static analysis result for SHA-256 6f381c519590b296…

MALICIOUS

PDF

12.7 KB
Created: 2019-05-02 17:36:12 +01:00
Authoring application: mPDF 5.7
MD5: 15926436cb54b3eb7173f8ad9326389a
SHA-1: 4ea4633e2f68efd7b7957a50dfffbc2036728f67
SHA-256: 6f381c519590b296c4d190155bf4daba9f64bb0af7148f411531bb1f0eb7817f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently flagged as benign, their sheer volume and structure suggest malicious intent, possibly SEO manipulation or distribution of further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.