Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4b940589aed97af…

MALICIOUS

PDF

16.5 KB
Created: 2019-05-04 10:44:33 +01:00
Authoring application: mPDF 5.7
MD5: ff90d9fe7663bf2c435e7f1eb6fc64c7
SHA-1: 54485218a12a3919b899a6d377e23eb2f3d8bffa
SHA-256: e4b940589aed97af44631b93b2b6772b9b6f76d03fec03f0eb1542fc4388b15d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell

A heuristic fired on this PDF for a large number of external links, predominantly to book-related PDFs hosted on 'cefasfese.4pu.com'. While the URLs themselves are marked as benign, their sheer volume and structure suggest potential SEO manipulation or a lure to distribute further malicious content. No scripts were extracted, and the document body was unreadable, which limits the ability to determine a more specific attack pattern or family. The primary IOCs are the URLs associated with the link farm.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.