Malicious PDF — malware analysis report

Static analysis result for SHA-256 f969455cc22a1f4c…

MALICIOUS

PDF

Size: 16.0 KB
Created: 2019-06-10 05:00:27 +01:00
Authoring application: mPDF 5.7
First seen: 2021-06-13
MD5: c0140be102d3d56f0532d5f275a2a983
SHA-1: 4f4e4e4e89036685c357216070b9b4a5a9b02f18
SHA-256: f969455cc22a1f4cb56e70544fc554438d986ed267ceeef22f0d949fe4ecd38c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded links pointing to external PDF files hosted on the domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or a lure to a malicious site, as flagged by the PDF_SEO_LINK_FARM heuristic. The ML classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9811

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.