Malicious PDF — malware analysis report

Static analysis result for SHA-256 8b6b0b4e1aa5d151…

MALICIOUS

PDF

Size: 17.2 KB
Created: 2019-11-10 00:23:36 +00:00
Authoring application: mPDF 5.7
MD5: 913766b584d7bc03fe38f1284c0504c9
SHA-1: fdde2b5071db27d08ebc6a40fa71054d6442c0c6
SHA-256: 8b6b0b4e1aa5d1512ccce031973e296d5bd20455288b43216ca2a3aff637ef11
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a link farm with 23 external links, primarily pointing to URLs hosted on 'cefasfese.4pu.com'. This heuristic suggests the document is designed to drive traffic to a large number of other PDF files, likely for SEO manipulation or to host malicious content. No scripts were extracted from this sample. The primary attack pattern involves directing users to a large number of external resources.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.