Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6220eb384c2e94b…

MALICIOUS

PDF

16.9 KB Created: 2019-11-07 09:44:51 +00:00 Authoring application: mPDF 5.7
MD5: affdf787c161df340cd56407c3443fdf SHA-1: 639024ca1bb2da7add727fa220f4663d77c17a71 SHA-256: b6220eb384c2e94b895d31c8a0543c79d5a3986017c4941b06a19b7655047096
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various book titles on the domain 'cefasfese.4pu.com'. While the individual URLs are marked as benign, the sheer volume and the nature of the heuristic suggest a malicious intent, possibly for SEO manipulation or to distribute further malicious content. The ML_NYX_PDF_MALICIOUS classifier also flagged this PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9788

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese.4pu.com/3733735739735735/Rolling-in-the-Deep-Rolling-in-the-Deep-0-5-by-Mira-Grant.pdf
    • http://cefasfese.4pu.com/6739735/Rolling-in-the-Deep-Rolling-in-the-Deep-0-5-by-Mira-Grant.pdf
    • http://cefasfese.4pu.com/3730732736735738/At-the-Heart-of-the-Deep-A-Falling-in-Deep-Collection-Novella-The-Orotavan-Mermaid-Tales-1-by-Carrie-L-Wells.pdf
    • http://cefasfese.4pu.com/2733731733734735/Devil-and-the-Deep-Deep-Six-2-by-Julie-Ann-Walker.pdf
    • http://cefasfese.4pu.com/9736735739733730/Deep-Drilling-in-Crystalline-Bedrock-The-Deep-Gas-Drilling-in-the-Siljan-Impact-Structure-Sweden-and-Astroblemes-by-A-Boden.pdf
    • http://cefasfese.4pu.com/4734735733732736/In-Too-Deep-In-Too-Deep-1-by-Eliza-Jane.pdf
    • http://cefasfese.4pu.com/3733733737738735/The-Rolling-Stones-by-Robert-A-Heinlein.pdf
    • http://cefasfese.4pu.com/3734733734736736/Rolling-Thunder-by-Doug-Boyd.pdf
    • http://cefasfese.4pu.com/1735730739739736/Thunder-Rolling-in-the-Mountains-by-Scott-O-39-Dell.pdf
    • http://cefasfese.4pu.com/6733731732733/Rolling-Thunder-The-Spirit-of-Karekare-by-Bob-Harvey.pdf
    • http://cefasfese.4pu.com/9735732739730/The-Setting-Sun-and-the-Rolling-World-by-Charles-Mungoshi.pdf
    • http://cefasfese.4pu.com/6735739735731736/Deep-Blue-The-Complete-Series-Deep-Blue-1-3-by-Amie-Nichols.pdf
    • http://cefasfese.4pu.com/7737732739738732/Blown-Away-The-Rolling-Stones-and-the-Death-of-the-Sixties-by-A-E-Hotchner.pdf
    • http://cefasfese.4pu.com/4734731735734739/Like-a-Rolling-Stone-Bob-Dylan-at-the-Crossroads-by-Greil-Marcus.pdf
    • http://cefasfese.4pu.com/4739734737737732/Song-of-the-Rolling-Earth-by-John-Lister-Kaye.pdf
    • http://cefasfese.4pu.com/8735734733733730/Satisfaction-The-Rolling-Stones-Greatest-Albums-by-Marilou-Regan.pdf
    • http://cefasfese.4pu.com/3735738733731730/Gonzo-Rolling-Thunder-Motorcycle-Club-7-by-Candace-Blevins.pdf
    • http://cefasfese.4pu.com/8735734732735736/Love-You-Live-Rolling-Stones-Fanfare-From-The-Common-Fan-by-Marilou-Regan.pdf
    • http://cefasfese.4pu.com/2739738739734731/Bash-Volume-III-Rolling-Thunder-Motorcycle-Club-5-by-Candace-Blevins.pdf
    • http://cefasfese.4pu.com/5731734730736/Hunters-of-Satan-s-Monsters-Legend-of-the-Rolling-Calf-1-by-Horace-S-Mallette.pdf
    • http://cefasfese.4pu.com/17

Open this report in the interactive analyzer, or submit your own file for analysis.