Malicious PDF — malware analysis report

Static analysis result for SHA-256 d1ef666e71ddc76b…

MALICIOUS

PDF

Size: 14.7 KB
Created: 2019-05-02 17:51:47 +01:00
Authoring application: mPDF 5.7
MD5: c469b67370f0b810e38e8a44245acaf9
SHA-1: b2e683cf05f10f6c108b86249754c78527daa0da
SHA-256: d1ef666e71ddc76b45343ab077cdecd17b819cac09e390ca3601ba929be3fa6f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a link farm with 21 external links, predominantly pointing to other PDF files. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a large number of external resources, likely for SEO manipulation or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.