Malicious PDF — malware analysis report

Static analysis result for SHA-256 08a1e1b72b5ea4ab…

MALICIOUS

PDF

15.3 KB Created: 2019-05-02 07:12:58 +01:00 Authoring application: mPDF 5.7
MD5: 3cf423298f9088c2570bc6a9dc9b6d01 SHA-1: 2645f3882bde55ca1860437b35d5e9f10d5e1096 SHA-256: 08a1e1b72b5ea4ab431161601a41e4ed446ae78b0457907c62a5e6e4cf6689a0
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded links pointing to external PDF files hosted on a dynamic DNS domain. This behavior is indicative of a link farm or a distribution point for malicious content, as flagged by the PDF_SEO_LINK_FARM heuristic. While no scripts were directly extracted, the ML_NYX_PDF_MALICIOUS classifier strongly suggests malicious intent. The primary attack vector is likely spearphishing, with the document serving as an attachment to lure users into clicking these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/8098099092099090/Victor-Hugo---Die-Elenden-Les-Mis-rables-Gesamtausgabe-Band-1-bis-5-in-ungek-rzter-deutscher-Fassung-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/7095097096090093/The-Works-of-Victor-Hugo-Hans-of-Iceland-Bug-Jargal-Claude-Gueux-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/5094098096099093/The-Works-of-Victor-Hugo-The-Hunchback-of-Notre-Dame-and-Les-Miserables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/7095097097096096/The-Works-of-Victor-Hugo-Hans-of-Iceland-Translated-by-H-Smith-Bug-Jargal-Last-Day-of-a-Condemned-Man-Claude-Gueux-Translated-by-A-Ward-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/7095097095099097/Hugo-s-Works-The-Man-Who-Laughs-Part-2-and-Claude-Gueux-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/5092096099093093/The-Memoirs-of-Victor-Hugo-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/1092098090092091/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/7091096097093095/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/8094098096095094/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/5099093093098094/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/5093092095093097/Les-Miserables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/8091097093097092/Les-Miserables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/8095098098098093/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/3099094098095/The-Last-Day-of-a-Condemned-Man-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/3092090098091/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/5098094099098096/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/6095092091091/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/5095090097092096/Les-Mis-rables-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/8092093090093095/Voix-int-rieures-by-Victor-Hugo.pdf
    • http://loaminoo.linkpc.net/5094098096099097/Les-Miserables-Volume-III-amp-IV-by-Victor-Hugo.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.