Malicious PDF — malware analysis report

Static analysis result for SHA-256 08fe1e032ae574c1…

MALICIOUS

PDF

Size: 15.2 KB
Created: 2019-05-22 16:44:01 +01:00
Authoring application: mPDF 5.7
MD5: da28dd426480577bdb5dc829c974a98c
SHA-1: 332f239d45ee16c5df8f67feb16531a23cf75f2b
SHA-256: 08fe1e032ae574c169c652c0283103c01a95a62858be329ad54dd7223d94e98c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files hosted on the suspicious domain 'loaminoo.linkpc.net'. This heuristic match suggests a link farm or a method of distributing further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.