Malicious PDF — malware analysis report

Static analysis result for SHA-256 122976de44b2cf77…

MALICIOUS

PDF

Size: 12.9 KB
Created: 2019-05-07 04:19:08 +01:00
Authoring application: mPDF 5.7
MD5: 4e5546a4b5fb831e4d6a1f6dfb784063
SHA-1: 21a8025305c48e8e8ac09de946f87bc4614b30cb
SHA-256: 122976de44b2cf773c021296d5b0bc6bd6ce69a9cb1f785b62b359f22ed7306f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded URLs pointing to what appears to be a link farm hosted on a dynamic DNS domain. This behaviour is indicative of an SEO poisoning or link-farming attack, likely intended to drive traffic to malicious content or to obscure the true destination of the links. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.