Malicious PDF — malware analysis report

Static analysis result for SHA-256 c1487e9b84cac6d6…

MALICIOUS

PDF

Size: 15.1 KB
Created: 2019-05-02 05:09:44 +01:00
Authoring application: mPDF 5.7
MD5: 0951e1add25d89b427cc14df9233a723
SHA-1: f117511dd5500a782f9cbd3b7aa055f34d8c5ea3
SHA-256: c1487e9b84cac6d634df99d565dff80bf0be5b4af16fa6d3b148d68eeb64cc33
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDFs, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to a domain that appears to be used for hosting numerous book-related PDFs, suggesting a potential SEO poisoning or link farm tactic to drive traffic or distribute malicious content indirectly. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.