Malicious PDF — malware analysis report

Static analysis result for SHA-256 a79b4c4d0bda9bb3…

MALICIOUS

PDF

Size: 15.6 KB
Created: 2020-01-02 06:04:47 +00:00
Authoring application: mPDF 5.7
MD5: c1c62759f53218d544e6eeb0b3868ead
SHA-1: 2278ee1a417f7ced8268b50769cdc877995e4cb6
SHA-256: a79b4c4d0bda9bb35c0f08275b1d9abd9389b910953e88004d2394e8db06e01a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, flagged by the PDF_SEO_LINK_FARM heuristic. Although many of these URLs were classified as benign, their sheer volume and the ML_NYX_PDF_MALICIOUS classifier verdict indicate malicious intent. The URLs appear in the document body, suggesting a lure to external content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.