Malicious PDF — malware analysis report

Static analysis result for SHA-256 b0f1e1fa27f275cf…

MALICIOUS

PDF

13.7 KB
Created: 2019-05-01 05:05:54 +01:00
Authoring application: mPDF 5.7
MD5: 392f177b356ca734e3474acd6c76a431
SHA-1: b66aa342c5a7fc189c5099312e2a26c816cf2f9e
SHA-256: b0f1e1fa27f275cfb55b33583a20c6602e52e2a8a6009a4490938a6ed368d1e7
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded URLs, forming a link farm. While the URLs themselves are currently marked as benign, the sheer volume and the heuristic firing suggest a potential attempt to manipulate search engine results or to serve malicious content through these links. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfes