Malicious PDF — malware analysis report

Static analysis result for SHA-256 e10c2c5d06a3f66f…

MALICIOUS

PDF

17.1 KB
Created: 2019-05-02 09:36:27 +01:00
Authoring application: mPDF 5.7
MD5: 6e0c4dc7b408a31845da0e1f258423e5
SHA-1: b695bfa70f43fbcd6076c2ca566c603a0d93bca2
SHA-256: e10c2c5d06a3f66ff2acac20113ca590224f7ee0c89f1497b22c79ab3ebbab9c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to various book titles, suggesting a potential lure or distraction tactic. While the URLs themselves are currently flagged as benign, their sheer volume and structure indicate malicious intent, possibly SEO manipulation or use as a landing page for further malicious activity. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.