Malicious PDF — malware analysis report

Static analysis result for SHA-256 db8583c80eab41c4…

MALICIOUS

PDF

Size: 12.0 KB
Created: 2019-05-03 05:29:56 +01:00
Authoring application: mPDF 5.7
MD5: f7490d64cb6ed7fb1b8c526d343b8c32
SHA-1: ca22eb52e2947532c342449ea56bf1016c1f9692
SHA-256: db8583c80eab41c40147611037e20e93e74908d6141f5e914cedf4933645ee95
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to book titles, suggesting a lure to disguise the malicious intent. While the URLs themselves are marked as benign, the sheer volume and structure indicate a link farm, likely for SEO manipulation or to host further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8737

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.