Malicious PDF — malware analysis report

Static analysis result for SHA-256 adb7da60994f5425…

MALICIOUS

PDF

Size: 13.6 KB | Created: 2019-06-04 17:49:12 +01:00 | Authoring application: mPDF 5.7
MD5: a33a003622e25c6370d47f8452365884 | SHA-1: 337975d59bde5490abc8073ded135f564cffb7cc | SHA-256: adb7da60994f542557fa8ef680362b2abe7d0ba296593b890004658f976613c9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a domain that hosts numerous book-themed PDFs, likely as a lure. No scripts were extracted, and the document body was heavily corrupted, limiting further analysis.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9798

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.