Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4ea0759cd39e829…

MALICIOUS

PDF

Size: 20.1 KB
Created: 2019-06-04 09:47:46 +01:00
Authoring application: mPDF 5.7
MD5: 2cb19a7a3f847020293abab62831e40c
SHA-1: 62a8f904c5660ae9e7a1779fb63e137b39f8ec0e
SHA-256: e4ea0759cd39e82994a32aa376530f9daa397dee775f22256f6a901047b9e988
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute further malicious content. While no scripts were extracted, the PDF structure itself indicates a malicious intent to redirect users to potentially harmful external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9942

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.