Malicious PDF — malware analysis report

Static analysis result for SHA-256 895c7fc0c0b9ea26…

MALICIOUS

PDF

14.6 KB
Created: 2019-11-07 22:28:50 +00:00
Authoring application: mPDF 5.7
MD5: 7ce9c0a5d940b3b3ab9e58961729fc02
SHA-1: a14d5c1f3b029539fa58e7e84d3d8c056712f927
SHA-256: 895c7fc0c0b9ea268e2381dd7c6f3bb1346326fa2b51bf3ff41abed52da844cf
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on the 'cefasfese.4pu.com' domain. While the individual URLs are currently marked as benign, the sheer volume and structure suggest a link farm or redirection mechanism likely used for phishing or malware distribution. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.