Malicious PDF — malware analysis report

Static analysis result for SHA-256 8751b34b97355659…

MALICIOUS

PDF

13.8 KB
Created: 2019-11-07 10:17:19 +00:00
Authoring application: mPDF 5.7
MD5: b4c5f6eb7dcaa50e090484300aa008d2
SHA-1: e799a2709da636ae498402ef8bf6b9a13a4b13a4
SHA-256: 8751b34b973556597e3f61345163b3a7dab2fce4886ebf9675aaddd7606ec42b
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links, identified as a link farm. The primary heuristic indicates this is a malicious SEO technique, likely intended to drive traffic to potentially malicious sites or to obscure the true destination. The ML classifier strongly supports the malicious verdict. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.