Malicious PDF — malware analysis report

Static analysis result for SHA-256 0624fb435a5d1d95…

MALICIOUS

PDF

File size: 14.0 KB
Created: 2019-05-02 05:27:22 +01:00
Authoring application: mPDF 5.7
MD5: 457923b716c8e075e76893fd4b7d94d6
SHA-1: 22e980a9c41cf7e39a21b5c3e303b9fce0b5b290
SHA-256: 0624fb435a5d1d953e46d38b37eb594ebfb8eb8a6aba63892c4d8af33ef10d8f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, hosted on a dynamic DNS domain. This behavior is indicative of a link farm or a mechanism to distribute further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.