Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb1e7801d321b1e4…

MALICIOUS

PDF

Size: 19.5 KB
Created: 2019-05-04 14:04:39 +01:00
Authoring application: mPDF 5.7
MD5: 6661b53cced62c40484245ac8c0a234c
SHA-1: 9afae1f5b0c0e838ec14dfc5c1d6a499f807c4d0
SHA-256: cb1e7801d321b1e4ad8eb381d7f33c67b32c2ae396849f0eb9b7be48a8adca0a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link

The PDF contains a large number of embedded links, flagged by the PDF_SEO_LINK_FARM heuristic. Although the document body is unreadable, the presence of 25 external links suggests malicious intent, possibly SEO manipulation or distribution of further malware. No scripts were extracted from this sample. The dominant host for these links is 'cefasfese.4pu.com'.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.