Malicious PDF — malware analysis report

Static analysis result for SHA-256 7e91469deb0a2841…

MALICIOUS

PDF

Size: 17.7 KB
Created: 2019-10-31 23:52:09 +00:00
Authoring application: mPDF 5.7
MD5: 96dfbccd4b8278a269880c496d6d3799
SHA-1: ed1f5b0e6914024b04873d57dd77f2297cb13626
SHA-256: 7e91469deb0a2841389f2eaf10b4326a4dbe53cc4d7cd9c32e57217ee389b1e0
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, identified by the 'PDF_SEO_LINK_FARM' heuristic. While the document body is heavily obfuscated, the presence of these links suggests a tactic to drive traffic to malicious content or engage in SEO spam. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9925

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.