Malicious PDF — malware analysis report

Static analysis result for SHA-256 d5ebb83b747b7e17…

MALICIOUS

PDF

Size: 12.5 KB
Created: 2020-01-02 06:03:39 +00:00
Authoring application: mPDF 5.7
MD5: 2f872070956c62b98beee5b02d055511
SHA-1: 3211120e935ec7b757cecbace42ce1ce30da0b23
SHA-256: d5ebb83b747b7e1771bbcb6e3289dace4329de2cebf85f8648e5c548ba8ddb90
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDFs hosted on the domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or SEO poisoning attack, designed to drive traffic to a specific set of URLs. No scripts were extracted, and the document body was heavily corrupted, preventing a deeper analysis of the immediate user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.