Malicious PDF — malware analysis report

Static analysis result for SHA-256 ed8e26e1812630ba…

MALICIOUS

PDF

13.6 KB
Created: 2019-05-03 06:02:10 +01:00
Authoring application: mPDF 5.7
MD5: c85110f3bfede8dd3629697886895de5
SHA-1: 92df5ab250471edf4cd419441eacf6ce662726eb
SHA-256: ed8e26e1812630baa7cdff5491c849de83f80e138982512f3efaa1bb829a706d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which are likely intended to direct users to malicious websites. The ML_NYX_PDF_MALICIOUS classifier also flagged this document with high confidence. No scripts were extracted from this sample, and the document body was not parsable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.