Malicious PDF — malware analysis report

Static analysis result for SHA-256 fef3fd36a68f0c7d…

MALICIOUS

PDF

16.0 KB Created: 2019-05-02 06:06:29 +01:00 Authoring application: mPDF 5.7
MD5: 58ce2a59779380183b468565750a81af SHA-1: 523550c41fad58b24155807fbcdd8b062b5ff292 SHA-256: fef3fd36a68f0c7d3d077e43acce40699d0ff484e5023e17c99709cff3702146
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF document contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO poisoning or to redirect users to malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external link farm, with the dominant host being 'cefasfese.4pu.com'. While the extracted URLs themselves are marked as benign, the sheer volume and the nature of the heuristic suggest a malicious intent to drive traffic. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cefasfese.4pu.com/3737733733732737/Shadow-Souls-The-Vampire-Diaries-The-Return-2-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/3730732738737730/Shadow-Souls-The-Vampire-Diaries-The-Return-2-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/3733737731730/Midnight-The-Vampire-Diaries-The-Return-3-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/3734730735737731/Nightfall-The-Vampire-Diaries-The-Return-1-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/3737738738734736/Nightfall-The-Vampire-Diaries-The-Return-1-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/7734738735736735/Tumbleweeds-The-Vampire-Diaries-The-Return-Extras-2-1-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/2737730733732735/An-Untold-Tale-Elena-s-Christmas-The-Vampire-Diaries-The-Return-Extras-0-5-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/4734732734736/The-Vampire-Diaries-Volumes-1-4-The-Vampire-Diaries-1-4-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/4739732736738739/The-Compelled-The-Vampire-Diaries-Stefan-s-Diaries-6-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/3738730734731/The-Awakening-The-Vampire-Diaries-1-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/1739733739739731/The-Struggle-The-Vampire-Diaries-2-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/2737732731739734/The-Awakening-The-Vampire-Diaries-1-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/2737732731739737/Dark-Reunion-The-Vampire-Diaries-4-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/3734730735737735/The-Fury-amp-The-Reunion-The-Vampire-Diaries-3-4-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/7734731738734/Unseen-The-Vampire-Diaries-The-Salvation-1-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/4739732731732734/Phantom-The-Vampire-Diaries-The-Hunters-1-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/1731732735737730731/Matt-and-Elena-Tenth-Date-On-Wickery-Pond-The-Vampire-Diaries-Extras-0-2-by-L-J-Smith.pdf
    • http://cefasfese.4pu.com/2739735734734736/Shadow-Child-Shadow-Dance-2-by-Graeme-Smith.pdf
    • http://cefasfese.4pu.com/8734734732735/Souls-in-Exile-The-Return-of-Ravana-3-by-David-Hair.pdf
    • http://cefasfese.4pu.com/7736739731734/Shadow-of-Night-All-Souls-Trilogy-2-by-Deborah-Harkness.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.