Malicious PDF — malware analysis report

Static analysis result for SHA-256 f6a9c1e5b4432d3c…

MALICIOUS

PDF

17.2 KB
Created: 2019-05-02 05:07:12 +01:00
Authoring application: mPDF 5.7
MD5: c0235960ea39f9307a2495a9ded89f13
SHA-1: 790f68a49ff0a8be648188f04f3d77fe97e916cb
SHA-256: f6a9c1e5b4432d3c78c91b0f22539db411ce23224e27ebf2ffce42df57bd159f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, characteristic of a link farm designed to drive traffic. The ML classifier strongly indicated maliciousness, and the PDF_SEO_LINK_FARM heuristic confirms the presence of numerous external links, with the dominant host being cefasfese.4pu.com. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.