Malicious PDF — malware analysis report

Static analysis result for SHA-256 12364c7a438c8da9…

MALICIOUS

PDF

46.5 KB Created: 2019-04-30 04:55:44 +01:00 Authoring application: mPDF 5.7
MD5: 017bff41531747d8a1ec9aa99e00dead SHA-1: 0258c8df622beada59e9c02903c665ad793dc9e7 SHA-256: 12364c7a438c8da959e2db4b36f26d2505dbed772183e558d10614aaaeafc20e
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded links to external PDF files, many of which are hosted on the dynamic DNS domain 'loaminoo.linkpc.net'. This behavior is indicative of a link farm or a mechanism to distribute further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9675

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/9092093098090092/Album-Symphonic-Metal-Design-Your-Universe-the-Heart-of-Everything-01011001-S-amp-m-Enter-Mother-Earth-Children-of-Hurin-the-Silent-Force-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/8095098093096099/Symphonic-Metal-Band-Nightwish-Therion-Avantasia-Rhapsody-of-Fire-Within-Temptation-Epica-Symphony-X-Xandria-Lacrimosa-Krypteria-Midnattsol-Tristania-After-Forever-Leaves-Eyes-Haggard-Battlelore-Delain-Sirenia-Mooncry-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/9092093097099098/Legendarium-de-J-R-R-Tolkien-El-Senor-de-Los-Anillos-El-Hobbit-El-Silmarillion-Los-Hijos-de-Hurin-Esbozo-de-la-Mitologia-the-Road-Goes-Ever-O-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/9092093096098096/The-Great-Tales-of-Middle-earth-Children-of-H-rin-Beren-and-L-thien-and-The-Fall-of-Gondolin-by-J-R-R-Tolkien.pdf
    • http://loaminoo.linkpc.net/7097099090092097/U2-Album-de-U2-Chanson-de-U2-Tournee-de-U2-with-or-Without-You-U2-360-Tour-Vertigo-Tour-I-Still-Haven-t-Found-What-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/8095098093096092/Groupe-de-Metal-Allemand-Accept-Rammstein-Helloween-in-Extremo-Kmfdm-Blind-Guardian-Gamma-Ray-Knorkator-Lacrimosa-Darkseed-J-B-O-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/8095098093095096/Darkwave-Album-Darkwave-Ep-Darkwave-Gruppi-Musicali-Darkwave-Musicisti-Darkwave-the-Cure-Emilie-Autumn-Lacrimosa-Bauhaus-Dvar-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/6094093094099091/Film-Experimental-2001-L-Odyssee-de-L-Espace-Mulholland-Drive-Eraserhead-Fantasia-Le-Viol-Du-Vampire-Citizen-Kane-La-Jetee-Koyaanisqatsi-Lost-Highway-Enter-the-Void-Inland-Empire-Dancing-at-the-Blue-Iguana-Un-Chien-Andalou-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/8095098093097091/Groupe-de-Gothic-Metal-Celtic-Frost-Theatre-of-Tragedy-Cradle-of-Filth-Within-Temptation-Type-O-Negative-Lacuna-Coil-on-Thorns-I-Lay-Sirenia-Lacrimosa-Sentenced-Tiamat-Tristania-the-Old-Dead-Tree-Moi-Dix-Mois-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/3090094091091091/The-Children-of-H-rin-by-J-R-R-Tolkien.pdf
    • http://loaminoo.linkpc.net/3093090098097/The-Children-of-H-rin-by-J-R-R-Tolkien.pdf
    • http://loaminoo.linkpc.net/1090096099090092095/Astrobiologie-Exobiologie-Seti-home-Marsianer-Ausserirdisches-Leben-Extraterrestrisch-Rare-Earth-Hypothese-Search-for-Extraterrestrial-Intelligence-Panspermie-Habitable-Zone-Von-Den-Bewohnern-Der-Gestirne-Arecibo-Botschaft-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/9092093096099092/CYOTTO-ECCHI-DE-MIDARETA-HURIN-JIJYO-HURIN-NI-GOUYOKU-NA-TSUMATACHI-NO-HAITOKUNO-ICHIBUSHIJYU-by-SIMSYS-BOOKS.pdf
    • http://loaminoo.linkpc.net/5094091097095091/Publication-Glenat-Album-Glenat-Serie-Glenat-Serie-Publiee-Dans-Circus-Serie-Publiee-Dans-Tcho-Tcho-Le-Bal-Du-Rat-Mort-One-Piece-Gunnm-Zblucops-Samson-amp-Neon-L-Ultime-Chimere-Liste-Des-Personnages-de-Titeuf-Mafalda-Ghost-in-the-Shell-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/9092093097099094/TYOTTO-ETTI-DE-MIDARETA-HURIN-JIJOU-PA-TO-TU--IKENAI-KANKEI-NI-HIKARERU-DANJO-NO-SEKIRARA-NA-SUGATA-by-SHUFU-NO-HURIN-CYOUSA-IINKAI.pdf
    • http://loaminoo.linkpc.net/7097098098098094/Tokio-Hotel-Album-de-Tokio-Hotel-Chanson-de-Tokio-Hotel-Tournee-de-Tokio-Hotel-1000-Hotels-World-Tour-Welcome-to-Humanoid-City-Tour-Zimmer-483-Tour-Bill-Kaulitz-Tournees-de-Tokio-Hotel-Scream-Recompenses-de-Tokio-Hotel-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/1090096099097094092/Tamora-Pierce---Alanna-The-First-Adventure-Characters-in-Alanna-The-First-Adventure-Places-in-Alanna-The-First-Adventure-Convent-Court-of-the-Rogue-Great-Mother-Goddess-Sponsor-Sweating-Sickness-Training-Master-Trebond-Ysandir-Alanna-of-P-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/7094098095094099/Dune-Novels-Book-Guide-Dune-Heretics-of-Dune-Children-of-Dune-Chapterhouse-Dune-God-Emperor-of-Dune-Dune-Messiah-Sandworms-of-Dune-by-Source-Wikipedia.pdf
    • http://loaminoo.linkpc.net/1099097090093090/Universe-Online---Enter-the-Game-Part-1-by-Ryan-39-Viken-39-Henning.pdf
    • http://loaminoo.linkpc.net/4097097091093092/Universe-Online---Enter-the-Game-Complete-Edition-by-Ryan-39-Viken-39-Henning.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.