Malicious PDF — malware analysis report

Static analysis result for SHA-256 a97ae20270892420…

MALICIOUS

PDF

Size: 17.4 KB
Created: 2019-11-07 09:36:01 +00:00
Authoring application: mPDF 5.7
MD5: 0d0abb3038c6ced8219d2a680214fb3a
SHA-1: eb47fc23472c86c1c73b84efbb267cf0f9573273
SHA-256: a97ae2027089242013e0089c1dae94f9d94e21b4d6c49369e29195206e6b01bd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. While the URLs themselves are currently marked as benign, the sheer volume of links and the firing of the heuristic suggest malicious intent, likely to redirect users to a compromised or malicious site. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9787

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.