Malicious PDF — malware analysis report

Static analysis result for SHA-256 79b839ae06273521…

MALICIOUS

PDF

14.8 KB | Created: 2019-05-03 05:24:02 +01:00 | Authoring application: mPDF 5.7 | First seen: 2020-12-28
MD5: d36a07308fef33f628732d435a84f180
SHA-1: e97b4ab5afef5b6ee6794add368193264fa10194
SHA-256: 79b839ae06273521dd193c2ef08f2e81a86c6b6a2971d0d36125c9615410ccf8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a significant number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, which points to a link farm strategy. While the URLs themselves are currently marked as benign, the sheer volume and the heuristic's description suggest malicious intent, possibly for SEO manipulation or to host further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also strongly indicates maliciousness. No scripts were extracted, but the embedded links are the primary indicators of compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.