Malicious PDF — malware analysis report

Static analysis result for SHA-256 841ae5ccbe7c4684…

Verdict: MALICIOUS
File type: PDF
Size: 34.4 KB
Created: 2019-10-31 23:52:29 +00:00
Authoring application: mPDF 5.7
MD5: bba4f476c3b2b59aae8e09332c300b38
SHA-1: 7a166bdb3f5784c10c70ec3c4c5467d4a923bcd4
SHA-256: 841ae5ccbe7c46844a6e67ef8f23f466552ce4d930c18b2dbbbe416a52a8936f
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, many of which point to the same domain with numeric slugs. While the specific URLs were classified as benign, the sheer volume and structure suggest a link farm designed to lure users to potentially malicious content. The ML classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9636

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.