Malicious PDF — malware analysis report

Static analysis result for SHA-256 b1c3817807d69511…

MALICIOUS

PDF

Size: 15.4 KB
Created: 2019-06-09 11:43:45 +01:00
Authoring application: mPDF 5.7
MD5: d6a4f1d228a6cb58d381ad17588a7a7c
SHA-1: adb4cc8cf62bb33baea5ea967f01220df424450c
SHA-256: b1c3817807d6951119b36878b3beb3ed8a9a25d0a51f6cd452e109a2a3c0c74e
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs and is identified as a link farm. Although the URLs themselves are currently flagged as benign, their sheer volume together with the 'PDF_SEO_LINK_FARM' heuristic strongly suggest malicious intent, most likely SEO manipulation or redirecting users to potentially harmful content. The ML classifier also flagged this PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese
    • http://cefasfese.4pu.com/9735738739734733/Through-The-Fire-A-Personal-Memoir-by-Theresa-Vandermeer-by-Theresa-Anne-Vandermeer.pdf
    • http://cefasfese.4pu.com/9735738739735735/Through-the-Fire-Based-on-a-True-Story-About-a-Young-Girl-That-Was-Maliciously-Burned-in-a-House-Fire-by-Theresa-A-Vandermeer.pdf
    • http://cefasfese.4pu.com/9735738734739732/Vandermeer-2005-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738739735734/Weird-Tales-359-by-Anne-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738735730731/ODD-by-Ann-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738735736736/Errata-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/1735737738734735/Authority-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738735735739/Komodo-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/8730739732731731/The-Situation-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738735730730/Vandermeer-s-Curse-by-M-Harris.pdf
    • http://cefasfese.4pu.com/9735738734739733/Secret-Life-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/2735736736738733/The-Steampunk-Bible-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/2736731735732/Veniss-Underground-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738735736739/The-Compass-of-His-Bones-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738734739735/Predator-South-China-Sea-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738739735731/Ecological-Complexity-and-Agroecology-by-John-Vandermeer.pdf
    • http://cefasfese.4pu.com/2731735735730737/Annihilation-Southern-Reach-1-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/9735738738732739/Mapping-The-Beast-The-Best-Of-Leviathan-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/4737731730739732/Acceptance-Southern-Reach-3-by-Jeff-VanderMeer.pdf
    • http://cefasfese.4pu.com/4733731735739/Authority-Southern-Reach-2-by-Jeff-VanderMeer.pdf