Malicious PDF — malware analysis report

Static analysis result for SHA-256 b257fbe937a5c8ff…

MALICIOUS

PDF

Size: 13.7 KB
Created: 2019-05-03 05:52:28 +01:00
Authoring application: mPDF 5.7
MD5: 02f0a70d1caab044e54473a8697b9c33
SHA-1: 44eb83ea47c73d9a4e42eae34366a28afd624898
SHA-256: b257fbe937a5c8ff88e5ece5e67c3718a693211ba09b761533460347888c4836
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to external PDF files. While the specific content of the linked PDFs is benign, the sheer volume and structure suggest a link farm designed to attract traffic or potentially mask malicious activity. The ML classifier also flagged the PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.