Malicious PDF — malware analysis report

Static analysis result for SHA-256 841b0a38c5d6c04c…

MALICIOUS

PDF

Size: 14.0 KB
Created: 2019-11-07 10:07:53 +00:00
Authoring application: mPDF 5.7
MD5: d3302ff1b8cdb86c7ad21753eb7c9adf
SHA-1: 7fd2508f7264feace13bb64e8e2e9e9c6af78119
SHA-256: 841b0a38c5d6c04cc6e706a356826f8505e42d45e8743525e1033ab39c9d992f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, identified as a link farm, which is a common tactic for SEO manipulation or distributing malicious content. While the specific URLs extracted were labeled as benign, the heuristic firing indicates a suspicious pattern of linking. The ML classifier also flagged the PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.