Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee67fbd22db32be3…

MALICIOUS

PDF

Size: 14.0 KB
Created: 2019-11-07 11:20:42 +00:00
Authoring application: mPDF 5.7
MD5: a08190d2b7b479e7cea40e48a2b0d958
SHA-1: 0cd6c8b25fa0122cc002c0875e7fc5b4465775ae
SHA-256: ee67fbd22db32be3ff8a4bcccb7b7df5b528de4b815951b5bf554cdac056d422
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or SEO poisoning attack, designed to drive traffic to a specific domain. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.