Malicious PDF — malware analysis report

Static analysis result for SHA-256 cbbc95ca54892287…

Verdict: MALICIOUS
File type: PDF
Size: 14.0 KB
Created: 2019-05-01 05:36:20 +01:00
Authoring application: mPDF 5.7
MD5: 0811637854011776629480b8f95ac4a5
SHA-1: d4675e75ce86b7055d0a569e5a291ce812a1a4f1
SHA-256: cbbc95ca548922878db81f18427a9b3dd303773b93268494854271a4ec1528dc
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs, forming a link farm. The ML classifier strongly indicated maliciousness. The primary attack pattern involves directing users to a multitude of external PDF documents, likely as a method of distributing further malicious content or for SEO-based phishing. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9877

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.