Malicious PDF — malware analysis report

Static analysis result for SHA-256 91466cff042132fc…

MALICIOUS

PDF

16.7 KB Created: 2019-05-01 11:21:46 +01:00 Authoring application: mPDF 5.7
MD5: fd295c7a4650e4d07e53852b02876628 SHA-1: f151ff6ea0ec17d0a0c4b4399a4f6abdbe78636a SHA-256: 91466cff042132fcc3a84718bec8fc4a29d4cced4689fbe3e4a251b3fc7c1fbf
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a link farm with 23 external PDF links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The document body contains numerous URLs pointing to other PDF files, suggesting a tactic to distribute or redirect users to a large number of potentially malicious documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9810

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese.4pu.com/8732736732734731/Natural-Alternatives-to-Antidepressants-St-John-s-Wort-Kava-Kava-and-Others-by-Kenneth-McIntosh.pdf
    • http://cefasfese.4pu.com/8732736732733732/Kava-Kava-Valerian-Nervine-Herbs-by-R-Elkins.pdf
    • http://cefasfese.4pu.com/4733734735735731/The-Long-Midnight-of-Barney-Thomson-Barney-Thomson-1-by-Douglas-Lindsay.pdf
    • http://cefasfese.4pu.com/4733734735734734/The-Cutting-Edge-of-Barney-Thomson-Barney-Thomson-2-by-Douglas-Lindsay.pdf
    • http://cefasfese.4pu.com/2733733731737732/A-Necessary-Evil-by-Alex-Kava.pdf
    • http://cefasfese.4pu.com/3739731736737736/Blood-Father-A-Novel-by-Peter-Craig.pdf
    • http://cefasfese.4pu.com/2731738738732732/Blood-Red-Pleasure-by-Peter-Klein.pdf
    • http://cefasfese.4pu.com/4732737733737739/Blood-Father-by-Peter-Craig.pdf
    • http://cefasfese.4pu.com/4732739734732738/Exposed-Maggie-O-Dell-6-by-Alex-Kava.pdf
    • http://cefasfese.4pu.com/9730733739732/Split-Second-Maggie-O-Dell-2-by-Alex-Kava.pdf
    • http://cefasfese.4pu.com/4738732739730/Exposed-Maggie-O-Dell-6-by-Alex-Kava.pdf
    • http://cefasfese.4pu.com/9730735733731/A-Necessary-Evil-Maggie-O-Dell-5-by-Alex-Kava.pdf
    • http://cefasfese.4pu.com/3739736734739731/Atonement-of-Blood-Sister-Fidelma-24-by-Peter-Tremayne.pdf
    • http://cefasfese.4pu.com/9730736733737/The-Soul-Catcher-Maggie-O-Dell-3-by-Alex-Kava.pdf
    • http://cefasfese.4pu.com/3730738732735731/Batman-Detective-Comics-Volume-8-Blood-of-Heroes-by-Peter-J-Tomasi.pdf
    • http://cefasfese.4pu.com/6731736735739/Letters-to-Elise-A-Peter-Townsend-Novella-My-Blood-Approves-4-5-by-Amanda-Hocking.pdf
    • http://cefasfese.4pu.com/2731733735732/Virgil-Thomson-Reader-by-Virgil-Thomson.pdf
    • http://cefasfese.4pu.com/1731738734732739/Blood-and-Snow-Volumes-1-4-Blood-and-Snow-Revenant-in-Training-The-Vampire-Christopher-Blood-Soaked-Promises-by-RaShelle-Workman.pdf
    • http://cefasfese.4pu.com/3735732731735739/Blood-of-My-Blood-Blood-of-My-Blood-1-by-Joann-L-Polite.pdf
    • http://cefasfese.4pu.com/7732733733730737/Twice-a-Spy-by-Keith-Thomson.pdf
    • http://cefasfese.4pu.com/3739736734739731/Atonement-of-Blood-S

Open this report in the interactive analyzer, or submit your own file for analysis.