Malicious PDF — malware analysis report

Static analysis result for SHA-256 abb47a865f049f8d…

MALICIOUS

PDF

Size: 13.9 KB
Created: 2019-11-07 22:15:33 +00:00
Authoring application: mPDF 5.7
MD5: 64a624936c81493e4186c3d28880750a
SHA-1: 848befa39933e2c6a1ca5782581f390b5e234c49
SHA-256: abb47a865f049f8d799abf75ab36e5a040a26f2f4cafa60bb076e9c27725f35f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently marked as benign, the sheer volume and the heuristic firing suggest malicious intent, possibly for SEO manipulation or to redirect users to malicious content. No scripts were extracted from this sample, limiting further analysis of its behavior.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.