Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8fe1c059cc9d1eb…

MALICIOUS

PDF

Size: 15.6 KB
Created: 2019-05-03 07:58:43 +01:00
Authoring application: mPDF 5.7
MD5: c3291071cc5ccd4036a6b0d24f7206b9
SHA-1: 2f81440441e91898664d9b3cd257e75e115fb0c3
SHA-256: c8fe1c059cc9d1eb861124701ca34c78427f43d443b8bfda7d2281758a3a0562
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm, likely for SEO poisoning or to host malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.