Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe17ba53add858c2…

MALICIOUS

PDF

Size: 19.6 KB
Created: 2019-05-04 09:33:52 +01:00
Authoring application: mPDF 5.7
MD5: 7653212fb542a25034e5ae593d2a0340
SHA-1: 2211c9a4ac3589b33d6b94219ae684356aff76c3
SHA-256: fe17ba53add858c282202a2ede1dd980b85cf5ab5010b804ec1a11974e19894f
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file triggers the critical heuristic PDF_SEO_LINK_FARM, which flags a mass of external PDF links. The document body contains numerous URLs that appear to point to book titles, suggesting a lure or content-hosting mechanism. No scripts were extracted, but the sheer volume of links and the heuristic suggest malicious intent, possibly SEO spam or redirection of users to malicious content hosted on the dominant domain 'cefasfese.4pu.com'.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.