Malicious PDF — malware analysis report

Static analysis result for SHA-256 db0c02dd94a6997c…

MALICIOUS

PDF

15.1 KB
Created: 2019-05-04 06:40:36 +01:00
Authoring application: mPDF 5.7
MD5: b7fc9fc9155275431e07f6f258f094b6
SHA-1: 941cc065f2b0f6d1f75d6ee30f96466d1d485fce
SHA-256: db0c02dd94a6997cd0171343a251186ad9bd165b9056437457e434d788df5eeb
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier strongly indicated maliciousness. The primary attack pattern involves directing users to a domain with a high volume of seemingly unrelated PDF files, likely as a lure or to obscure malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.