Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa3b78177e2f38a5…

MALICIOUS

PDF

13.8 KB Created: 2019-11-09 21:42:27 +00:00 Authoring application: mPDF 5.7
MD5: e35131cac109d1f7126538b21f32f148 SHA-1: c1899247745dff11485bfb6a7989845e6c938927 SHA-256: fa3b78177e2f38a5568041af46e2b7eba5c1748ccc055af49600c6b8e475c7f3
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF document was flagged by a machine learning classifier with high confidence. Static analysis revealed a large number of embedded links, primarily pointing to external PDF files hosted on the 'cefasfese.4pu.com' domain. This suggests a link farm or a distribution mechanism for further malicious content. The document body was heavily obfuscated, preventing a clear understanding of its direct user-facing purpose, but the link farm heuristic strongly indicates malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese.4pu.com/2739738738736736/Simply-Sexual-House-of-Pleasure-1-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/7737736737731737/Simply-Voracious-House-of-Pleasure-8-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/1731730731734/Simply-Irresistible-Lucky-Harbor-1-by-Jill-Shalvis.pdf
    • http://cefasfese.4pu.com/2733733731734737/Simply-Irresistible-Chinooks-Hockey-Team-1-by-Rachel-Gibson.pdf
    • http://cefasfese.4pu.com/1732735735732/Simply-Irresistible-Chinooks-Hockey-Team-1-by-Rachel-Gibson.pdf
    • http://cefasfese.4pu.com/4731732739733737/The-Ties-That-Bind-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/2738737739731730/Where-Have-All-the-Cowboys-Gone-Turner-Brothers-1-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/3734738732738732/The-Maverick-Cowboy-Morgan-Ranch-2-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/2739735734738734/Roping-the-Wind-Turner-Brothers-2-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/5730735738736734/Riding-the-Line-A-Rouge-Erotic-Romance-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/2730732733736738/Simply-Unforgettable-Simply-Quartet-1-by-Mary-Balogh.pdf
    • http://cefasfese.4pu.com/3731739730733732/Soul-Sucker-Soul-Justice-1-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/1737734737730737/Planet-Mail-Mail-Call-1-by-Kate-Pearce.pdf
    • http://cefasfese.4pu.com/6730731733736738/Irresistible-Irresistible-1-by-Mia-Cardine.pdf
    • http://cefasfese.4pu.com/3734736736732734/99-Irresistible-by-halfpast.pdf
    • http://cefasfese.4pu.com/3734736736733737/99-Irresistible-by-Noelle-.pdf
    • http://cefasfese.4pu.com/2730736730739/Simply-The-Best-by-Shirley-Jump.pdf
    • http://cefasfese.4pu.com/1730736739739734735/Simply-Rad-by-Kris-Radlinski.pdf
    • http://cefasfese.4pu.com/2734739732737733/Irresistible-by-Shara-Azod.pdf
    • http://cefasfese.4pu.com/4732733736736732/Irresistible-by-Catherine-Hart.pdf
    • http://cefasfese.4pu.com/2730732733736738/Simply-Unforgettable-Simply-Quarte

Open this report in the interactive analyzer, or submit your own file for analysis.