Malicious PDF — malware analysis report

Static analysis result for SHA-256 95c571a5678881c0…

MALICIOUS

PDF

Size: 15.4 KB
Created: 2019-11-07 11:46:49 +00:00
Authoring application: mPDF 5.7
MD5: d0ffbd20e7c1704c2c1c3bfc97cc1a6a
SHA-1: 5f7a5e33a264d04399ea7813e826aca460d24a8a
SHA-256: 95c571a5678881c0b4282adff35de47ed72f78d8b3f46cf95915e19f4052ba3e
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to external PDF documents. While the URLs themselves are currently marked as confirmed benign, their sheer volume and structure suggest malicious intent, possibly SEO manipulation or distribution of further malware. The ML classifier and ClamAV detection strongly indicate maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Malware.Agent-7652047-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Malware.Agent-7652047-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.