Malicious PDF — malware analysis report

Static analysis result for SHA-256 f40a49f6d9884d77…

MALICIOUS

PDF

Size: 15.5 KB
Created: 2019-05-03 05:29:54 +01:00
Authoring application: mPDF 5.7
MD5: 4887f9004b0613b1a515bfa5e8df7022
SHA-1: 6d7f70df8f8ec85f6e657416f6f3f75033bcc7bc
SHA-256: f40a49f6d9884d77b2b32a83755b44824013e0452f1b90f9067c93065cca72d4
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, with the dominant host being 'cefasfese.4pu.com'. While the extracted URLs are currently marked as benign, the sheer volume and structure suggest a malicious intent to redirect users to potentially harmful sites. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.