Malicious PDF — malware analysis report

Static analysis result for SHA-256 a62e4230f5eb848e…

MALICIOUS

PDF

18.1 KB
Created: 2019-05-02 06:59:51 +01:00
Authoring application: mPDF 5.7
MD5: 28b475ebb63a34588d4fbb43e441d4dc
SHA-1: ff521da898b4fd862305d43ac1d1de096918c6db
SHA-256: a62e4230f5eb848e18b6ff9c666b5b802d26367de71828ba62b7a0aef158621f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated, the presence of numerous URLs suggests a link-farming or content distribution scheme. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.