Malicious PDF — malware analysis report

Static analysis result for SHA-256 7d5f45fc8fe4f11d…

MALICIOUS

PDF

Size: 15.5 KB
Created: 2019-05-01 05:37:06 +01:00
Authoring application: mPDF 5.7
MD5: 7e15ac38c916cc15af6239a864e0d2d0
SHA-1: bdf07c797cb772bb760ff8a8ccf6072a9aa82331
SHA-256: 7d5f45fc8fe4f11dc04f68d9642945c4d1220038914dd59a963f8ababdda3132
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document contains a large number of embedded links to external PDF files, a pattern identified as a link farm. While the document body is heavily obfuscated and unreadable, the heuristic firings strongly suggest malicious intent, likely related to SEO manipulation or distributing further malicious content. No scripts were extracted from this sample, but the presence of numerous external links indicates a potential for drive-by downloads or redirection to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.