Malicious PDF — malware analysis report

Static analysis result for SHA-256 f30cbdf8b14376e4…

MALICIOUS

PDF

  • Size: 15.4 KB
  • Created: 2019-05-02 05:11:08 +01:00
  • Authoring application: mPDF 5.7
  • MD5: 6e4fbf878d7ca3bf08476843e85ce8c5
  • SHA-1: 33dbbf74fd88db53ac6018692487118474702094
  • SHA-256: f30cbdf8b14376e449fdc1109355053d7b1d3722af83a65ee6beb75e68fc9d23
  • Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'cefasfese.4pu.com'. This is indicative of a link farm or SEO manipulation tactic. While the URLs themselves are labeled as benign, the sheer volume and the nature of the heuristic 'PDF_SEO_LINK_FARM' suggest a malicious intent to either manipulate search engine rankings or potentially serve as a distribution point for further malicious content. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.