Malicious PDF — malware analysis report

Static analysis result for SHA-256 80902d80a9dcc003…

MALICIOUS

PDF

Size: 15.0 KB
Created: 2019-06-04 07:34:33 +01:00
Authoring application: mPDF 5.7
MD5: 23469d4716d9f724742422bdbf279a42
SHA-1: 2f24295150c9d85d2edf90951c8461f137ed6df3
SHA-256: 80902d80a9dcc00382a3585f8d7bb53f4f5ce246b511ef7b694bea888a240ffd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which is indicative of a link farm or redirection tactic. While the specific URLs extracted were classified as benign, the sheer volume and structure suggest a malicious intent to manipulate search results or redirect users to potentially harmful content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.