Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5a01508c4eec2e7…

MALICIOUS

PDF

Size: 12.4 KB
Created: 2019-05-10 12:02:15 +01:00
Authoring application: mPDF 5.7
MD5: 921f6486e7ad73200fd309aa0e066e16
SHA-1: 0b84301ee417dc4b28b5c4018634ec0a1acdc9b9
SHA-256: c5a01508c4eec2e7ede2a342407600682bf65c6398bb317433cc90f33fdc58d6
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents, a technique often used for SEO manipulation or to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' confirms this behavior, identifying 'cefasfese.4pu.com' as the dominant host for these links. While the URLs themselves are marked as benign, the sheer volume and pattern suggest a malicious intent to drive traffic or potentially host further malicious payloads. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.