Malicious PDF — malware analysis report

Static analysis result for SHA-256 937fcafff0efe32b…

MALICIOUS

PDF

Size: 16.0 KB
Created: 2019-05-24 17:46:51 +01:00
Authoring application: mPDF 5.7
MD5: d22831903a0dd0f917e9eb8e52a2a38c
SHA-1: 053386612f6395b5ba32c0b9aa13c980fcc098ab
SHA-256: 937fcafff0efe32b49667b057106bbf373867799f7ca5c92369c92456f396f5a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF document contains a large number of embedded links to external PDF files, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this sample as malicious with high confidence. The embedded URLs, such as http://cefasfese.4pu.com/6735732732731735/The-Oracles-of-Troy-Adventures-of-Odysseus-4-by-Glyn-Iliffe.pdf, are likely used to manipulate search engine results or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9811

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.