Malicious PDF — malware analysis report

Static analysis result for SHA-256 b030bf1cb0a4ac24…

MALICIOUS

PDF

Size: 12.5 KB
Created: 2019-05-02 06:08:26 +01:00
Authoring application: mPDF 5.7
MD5: 5edff6693c0c8ad5c90c762b09c9477f
SHA-1: 57920a1b7d233b29de5410fd93414faf802bda23
SHA-256: b030bf1cb0a4ac24b964c895da0cec22c483e08fb7f5d036d8bd7b89c55487ef
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links are presented in a way that suggests they lead to book downloads, but the dominant host 'cefasfese.4pu.com' is associated with a link farm. The embedded URLs are likely part of a scheme to redirect users to malicious sites. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.