Malicious PDF — malware analysis report

Static analysis result for SHA-256 a3804da7e468c352…

MALICIOUS

PDF

Size: 16.9 KB
Created: 2019-04-30 11:22:28 +01:00
Authoring application: mPDF 5.7
MD5: c734d361cf0b2106dcc86bcffcaa375b
SHA-1: 3125effb099ada4f09ef30b15a7623dd8ed4fd84
SHA-256: a3804da7e468c3524fe08ac0cd72b72d5794d5673f2e26b079e53c81c0a7bb7b
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, hosted on the domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or a lure to a malicious site, as flagged by the PDF_SEO_LINK_FARM heuristic. The ML classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9787)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.