Malicious PDF — malware analysis report

Static analysis result for SHA-256 cd01fa2a789959e9…

Verdict: MALICIOUS
File type: PDF
Size: 18.2 KB
Created: 2019-06-09 11:39:04 +01:00
Authoring application: mPDF 5.7
MD5: d23087d7a105a7f9ab6bfc8c6e49f723
SHA-1: af53dcc77faa15d8b66284113a6dc01f88a64a4b
SHA-256: cd01fa2a789959e923b9a10ccb507a3ed1de7d519b9ffd49556f935cf2a3cd25
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment; T1059.001 PowerShell
Note: these IDs are scanner-assigned tags. Neither heuristic below reports script or command execution; the only observed behaviour is a set of external link annotations, so T1059.001 describes a possible downstream delivery chain rather than anything this file itself executes.

The PDF contains a large number of embedded URLs, clustered on a single host, and is classified as a link farm. The URLs themselves currently carry benign reputations, but the volume and uniform structure of the links indicate a generated document intended for SEO manipulation or as a gateway to further malicious content, not a legitimate citation pattern. The ML classifier independently scored the file as malicious (0.9931).

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs extracted (all on host cefasfese.4pu.com):
    • http://cefasfese.4pu.com/8734733739730732/Dillard-Double-2-Injustice-for-All-amp-Reasonable-Fear-by-Scott-Pratt.pdf
    • http://cefasfese.4pu.com/6738738737733730/Injustice-For-All-Joe-Dillard-3-by-Scott-Pratt.pdf
    • http://cefasfese.4pu.com/6738738737732738/In-Good-Faith-Joe-Dillard-2-by-Scott-Pratt.pdf
    • http://cefasfese.4pu.com/1735731731733732/River-on-Fire-by-Scott-Pratt.pdf
    • http://cefasfese.4pu.com/8730732738731732/The-Mystery-Of-Rascal-Pratt-by-Robbie-Scott.pdf
    • http://cefasfese.4pu.com/1738733739739735/Reasonable-Doubt-Full-Series-Reasonable-Doubt-1-3-25-by-Whitney-G-.pdf
    • http://cefasfese.4pu.com/2730732735737734/Reasonable-Doubt-Volume-1-Reasonable-Doubt-1-by-Whitney-G-.pdf
    • http://cefasfese.4pu.com/4734736730739739/Reasonable-Doubt-Volume-1-Reasonable-Doubt-1-by-Whitney-G-.pdf
    • http://cefasfese.4pu.com/1734735735731735/Reasonable-Doubt-Volume-2-Reasonable-Doubt-2-by-Whitney-G-.pdf
    • http://cefasfese.4pu.com/3730736731739735/Three-by-Annie-Dillard-Pilgrim-at-Tinker-Creek-An-American-Childhood-The-Writing-Life-by-Annie-Dillard.pdf
    • http://cefasfese.4pu.com/2731732738735733/A-Double-Death-on-the-Black-Isle-by-A-D-Scott.pdf
    • http://cefasfese.4pu.com/1739734736732739/My-Age-of-Anxiety-Fear-Hope-Dread-and-the-Search-for-Peace-of-Mind-by-Scott-Stossel.pdf
    • http://cefasfese.4pu.com/3738730735735739/How-the-Fierce-Handle-Fear-Secrets-to-Succeeding-in-Challenging-Times-by-Sophfronia-Scott.pdf
    • http://cefasfese.4pu.com/8734733738738736/The-Annie-Dillard-Library-by-Annie-Dillard.pdf
    • http://cefasfese.4pu.com/3735739730737738/Deadly-Double-Florida-Mystery-Double-Feature-2-by-Diane-Capri.pdf
    • http://cefasfese.4pu.com/3733736732730739/The-Double-Cross-System-The-Incredible-True-Story-of-How-Nazi-Spies-Were-Turned-into-Double-Agents-by-J-C-Masterman.pdf
    • http://cefasfese.4pu.com/4734739731733734/Reasonable-Doubts-by-Jae-Moran.pdf
    • http://cefasfese.4pu.com/5739730739739/Reasonable-Faith-by-William-Lane-Craig.pdf
    • http://cefasfese.4pu.com/1739731739736739/The-Science-of-Fear-Why-We-Fear-the-Things-We-Shouldn-t--and-Put-Ourselves-in-Greater-Danger-by-Dan-Gardner.pdf
    • http://cefasfese.4pu.com/4735731734737/Hunting-Fear-Bishop-Special-Crimes-Unit-7-Fear-1-by-Kay-Hooper.pdf
    • http://cefasfese.4pu.com/2731732738735733/A-Doubl
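The following script is an added example, not part of the scanner's output or its real rule set: it reimplements the PDF_SEO_LINK_FARM heuristic described above on a minimal scale. It builds a small uncompressed PDF carrying one /Link annotation per URL, extracts the /URI actions back out, and scores size, link count and host concentration. The thresholds (10 links, 64 KB, 80 % of links on one host) are assumptions, the sample list reuses URLs from this report plus one hypothetical off-host link (https://example.org/about), and the `templated_id` check encodes an observation about these specific URLs: every numeric directory segment is one digit followed by repeated `73<digit>` groups, which is consistent with machine-generated rather than hand-written paths.

```python
"""Added example: a minimal PDF_SEO_LINK_FARM heuristic (not the scanner's code).

Builds a small uncompressed PDF with one /Link annotation per URL, extracts the
/URI actions back out, and scores size, link count and host concentration.
Thresholds and the sample URL list are assumptions modelled on the report.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample input: URLs taken from the report plus one unrelated
# hypothetical link, so the host-concentration ratio is not trivially 1.0.
SAMPLE_URLS = [
    "http://cefasfese.4pu.com/8734733739730732/Dillard-Double-2-Injustice-for-All-amp-Reasonable-Fear-by-Scott-Pratt.pdf",
    "http://cefasfese.4pu.com/6738738737733730/Injustice-For-All-Joe-Dillard-3-by-Scott-Pratt.pdf",
    "http://cefasfese.4pu.com/6738738737732738/In-Good-Faith-Joe-Dillard-2-by-Scott-Pratt.pdf",
    "http://cefasfese.4pu.com/1735731731733732/River-on-Fire-by-Scott-Pratt.pdf",
    "http://cefasfese.4pu.com/8730732738731732/The-Mystery-Of-Rascal-Pratt-by-Robbie-Scott.pdf",
    "http://cefasfese.4pu.com/1738733739739735/Reasonable-Doubt-Full-Series-Reasonable-Doubt-1-3-25-by-Whitney-G-.pdf",
    "http://cefasfese.4pu.com/2730732735737734/Reasonable-Doubt-Volume-1-Reasonable-Doubt-1-by-Whitney-G-.pdf",
    "http://cefasfese.4pu.com/4734736730739739/Reasonable-Doubt-Volume-1-Reasonable-Doubt-1-by-Whitney-G-.pdf",
    "http://cefasfese.4pu.com/1734735735731735/Reasonable-Doubt-Volume-2-Reasonable-Doubt-2-by-Whitney-G-.pdf",
    "http://cefasfese.4pu.com/5739730739739/Reasonable-Faith-by-William-Lane-Craig.pdf",
    "http://cefasfese.4pu.com/4735731734737/Hunting-Fear-Bishop-Special-Crimes-Unit-7-Fear-1-by-Kay-Hooper.pdf",
    "https://example.org/about",  # hypothetical off-host link
]


def build_pdf(urls):
    """Write a one-page PDF with a /Link annotation (URI action) per URL.
    Objects stay uncompressed so the extractor below can see them. URLs that
    contain '(' or ')' would need PDF string escaping, which is omitted here."""
    objs = ["<< /Type /Catalog /Pages 2 0 R >>",
            "<< /Type /Pages /Kids [3 0 R] /Count 1 >>"]
    annots = " ".join(f"{4 + i} 0 R" for i in range(len(urls)))
    objs.append(f"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
                f"/Annots [{annots}] >>")
    for u in urls:
        objs.append(f"<< /Type /Annot /Subtype /Link /Rect [72 700 300 712] "
                    f"/A << /S /URI /URI ({u}) >> >>")
    out, offsets = "%PDF-1.4\n", []
    for n, body in enumerate(objs, 1):
        offsets.append(len(out))          # byte offset: all content is ASCII
        out += f"{n} 0 obj\n{body}\nendobj\n"
    xref_at = len(out)
    out += f"xref\n0 {len(objs) + 1}\n0000000000 65535 f \n"
    out += "".join(f"{off:010d} 00000 n \n" for off in offsets)
    out += (f"trailer\n<< /Size {len(objs) + 1} /Root 1 0 R >>\n"
            f"startxref\n{xref_at}\n%%EOF\n")
    return out.encode("latin-1")


URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")


def extract_uris(pdf_bytes):
    """Collect every URI action visible in plain (uncompressed) objects.
    Caveat: a real analyser must first inflate FlateDecode streams and unpack
    object streams (/ObjStm); this regex never sees links stored in those."""
    return [m.group(1).decode("latin-1") for m in URI_ACTION.finditer(pdf_bytes)]


TEMPLATED_ID = re.compile(r"^\d(?:73\d)+$")


def templated_id(path_segment):
    """Observation from this report's URLs: each numeric directory is one digit
    followed by repeated '73<digit>' groups. Return the digits with the '73'
    filler stripped, or None if the segment does not follow that template."""
    if not TEMPLATED_ID.match(path_segment):
        return None
    return path_segment[::3]


def link_farm_score(pdf_bytes, min_links=10, max_size=64 * 1024, host_ratio=0.8):
    """Score a PDF the way the PDF_SEO_LINK_FARM heuristic is described: small
    file, many clickable external links, mostly on one host. Thresholds are
    assumed values, not the scanner's."""
    uris = extract_uris(pdf_bytes)
    parsed = [urlsplit(u) for u in uris]
    hosts = Counter(p.hostname for p in parsed if p.hostname)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    first_dirs = [p.path.split("/")[1] for p in parsed if p.path.count("/") >= 2]
    result = {
        "size": len(pdf_bytes),
        "links": len(uris),
        "top_host": top_host,
        "top_host_ratio": top_n / len(uris) if uris else 0.0,
        "pdf_targets": sum(p.path.lower().endswith(".pdf") for p in parsed),
        "templated_ids": sum(templated_id(d) is not None for d in first_dirs),
    }
    result["link_farm"] = (result["size"] <= max_size
                           and result["links"] >= min_links
                           and result["top_host_ratio"] >= host_ratio)
    return result


if __name__ == "__main__":
    for key, value in link_farm_score(build_pdf(SAMPLE_URLS)).items():
        print(f"{key:>15}: {value}")
```

Two practical notes. First, regex extraction only works on uncompressed objects; real carrier PDFs routinely put annotations inside FlateDecode streams or object streams, so run the same scoring on the output of a parser that inflates streams first. Second, the heuristic is a structural signal about the document, not about the destinations: the link targets here are reputation-benign, which is exactly why a volume-and-clustering rule is useful alongside the classifier score rather than a URL blocklist alone.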