Malicious PDF — malware analysis report

Static analysis result for SHA-256 0e8cbeddcddd2c74…

MALICIOUS

PDF

Size: 12.8 KB
Created: 2019-05-03 12:54:32 +01:00
Authoring application: mPDF 5.7
MD5: 1cbdddcd2058c848ce02d0d1784d90d5
SHA-1: 08ed79ab5a2d4e4fe2b3ca02404842c25661dbc7
SHA-256: 0e8cbeddcddd2c74ff7a802e09c9a8f3cb0e93e925ee5bd9d65fa0416b046f7e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files hosted on the domain 'loaminoo.linkpc.net'. This pattern is indicative of a link farm or a mechanism to distribute further malicious content. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.