Malicious PDF — malware analysis report

Static analysis result for SHA-256 700a1775040312e9…

MALICIOUS

PDF

Size: 12.6 KB
Created: 2019-05-22 19:10:57 +01:00
Authoring application: mPDF 5.7
MD5: 4babd02181adec9d867997c40ac09a52
SHA-1: da79a509beba8245b69088e1f12cd3fa2901c9ac
SHA-256: 700a1775040312e95e12eb1a886cbbf12ad9494b6e086f6c7bb27e869af753a4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently classified as benign, the sheer volume and the heuristic firing of PDF_SEO_LINK_FARM suggest a malicious intent to manipulate search engine results or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.