Malicious PDF — malware analysis report

Static analysis result for SHA-256 aebc5babe64e88be…

MALICIOUS

PDF

Size: 15.8 KB
Created: 2019-05-24 17:46:43 +01:00
Authoring application: mPDF 5.7
MD5: 01ed7987b7b40acc5601545165bcdd15
SHA-1: 47d7e20d65d8daac0b00b2c519ddc7bd20ceb25c
SHA-256: aebc5babe64e88be2b3781ca1257aa3b61cb3fa9a86b5a04c11b49ce35932998
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which is a common technique for SEO poisoning or distributing malicious content. Although the specific URLs extracted were labeled as confirmed_benign, the sheer volume and the heuristic firing indicate a malicious intent to redirect users. The ML_NYX_PDF_MALICIOUS classifier also strongly suggests maliciousness. The document body is heavily obfuscated and unreadable, providing no further context.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.