Malicious PDF — malware analysis report

Static analysis result for SHA-256 e5eec63bb69c0eda…

MALICIOUS

PDF

Size: 13.9 KB
Created: 2019-11-09 22:57:05 +00:00
Authoring application: mPDF 5.7
MD5: 367a32f1b60c39be7147e6da267414ca
SHA-1: f2a957f62e19af51e2d80d5447fee34e14281333
SHA-256: e5eec63bb69c0edaa01103e151645f3ef83a421a7f8da1c4a7964cf8dc05006e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. While many of these specific URLs are marked as benign, the sheer volume and the nature of the heuristic suggest malicious intent, likely to manipulate search engine results or redirect users to harmful sites. The ML classifier also flagged this PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9798)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.