Malicious PDF — malware analysis report

Static analysis result for SHA-256 13c8baddc0fed62a…

MALICIOUS

PDF

Size: 13.8 KB
Created: 2019-05-03 05:05:22 +01:00
Authoring application: mPDF 5.7
MD5: a81b44a00af145d3bfa89553bb42b22d
SHA-1: 28b572df1036fc055615bd4878cc3065456c0199
SHA-256: 13c8baddc0fed62a4a8494491dc1f5fabdd66b0366b19e3e72e1ce8c31839126
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded links, identified by the 'PDF_SEO_LINK_FARM' heuristic, suggesting a link farm or redirection to malicious sites. While the document body is unreadable, the presence of numerous external links points towards a phishing or redirection attack. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.