Malicious PDF — malware analysis report

Static analysis result for SHA-256 a324f6fd95db18a0…

MALICIOUS

PDF

Size: 17.9 KB
Created: 2019-08-02 07:36:55 +01:00
Authoring application: mPDF 5.7
MD5: cce237f4737acd32980a80101bf10a5c
SHA-1: 6e0087c74001d5eaec327b5195480000d868d497
SHA-256: a324f6fd95db18a0f506930e3a6ed9ce053723408ac97ed8153d31e527945478
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to a domain that hosts numerous book-related PDF files. This indicates a link farm designed to attract traffic or potentially distribute further malicious content. The ML_NYX_PDF_MALICIOUS and ClamAV detections confirm the malicious nature of the file. The embedded links are the primary IOCs, directing users to a potentially harmful site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7193165-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7193165-0
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.