Malicious PDF — malware analysis report

Static analysis result for SHA-256 860f5aa47362924b…

MALICIOUS

PDF

15.6 KB
Created: 2019-11-08 01:20:54 +00:00
Authoring application: mPDF 5.7
MD5: b5daf2022dab228cc88cdcbae781128a
SHA-1: f53ef09e622e3dcd873bb70d455e201180128a3d
SHA-256: 860f5aa47362924b4f10325d7d349233546135eed102ed9cb9f1c9401ac9d864
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or phishing attempt. While the document body is heavily obfuscated, the presence of numerous external links points towards malicious intent to redirect the user. No scripts were extracted, but the link farm activity is a strong indicator of malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.