Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ba7021944b7eeb8…

MALICIOUS

PDF

Size: 12.2 KB
Created: 2019-04-30 04:13:38 +01:00
Authoring application: mPDF 5.7
MD5: 64170cd17348af33cfc49e9cd83fa314
SHA-1: d0235caa11be319d8b5ca51291a301e986da65f5
SHA-256: 0ba7021944b7eeb868df2f5a0d72fea037678243bb997d08feb8ea17d47968ca
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, flagged by the PDF_SEO_LINK_FARM heuristic. The document's own content is not directly readable, but its structure and the number of links suggest malicious intent, possibly SEO manipulation or redirecting users to further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.