Malicious PDF — malware analysis report

Static analysis result for SHA-256 f52489e6f1247821…

MALICIOUS

PDF

Size: 19.8 KB
Created: 2019-05-02 06:14:05 +01:00
Authoring application: mPDF 5.7
MD5: 3165c1d5a023d25cfc886e008d696ba0
SHA-1: 91ca19659e9dca379d0081b3949a585d0fe06673
SHA-256: f52489e6f1247821c7ef2cd2b406516e90506640151fbc63ac43521d088df293
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, many of which point to PDF documents with numeric slugs in their URLs. This suggests a link farm or redirection tactic. No scripts were extracted from this sample, and the document body was truncated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9922

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.