Malicious PDF — malware analysis report

Static analysis result for SHA-256 e9e341415bd2ced3…

MALICIOUS

PDF

  • Size: 12.5 KB
  • Created: 2019-05-03 17:23:31 +01:00
  • Authoring application: mPDF 5.7
  • MD5: f1ec351a91699d4437555fb124aa7c10
  • SHA-1: ad44d6c03e2afc92a937c0670eb3ec37cb14a234
  • SHA-256: e9e341415bd2ced3b80692e8ab4e9e0f9c490664723aa6bbee4d3d5486a94a7a
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDFs hosted on the domain 'cefasfese.4pu.com'. This is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a more detailed analysis of the immediate user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.