Malicious PDF — malware analysis report

Static analysis result for SHA-256 1871fe4a51fb633f…

MALICIOUS

PDF

Size: 12.4 KB
Created: 2019-04-30 05:51:26 +01:00
Authoring application: mPDF 5.7
MD5: 24e970817a841456a728be0b688b1f73
SHA-1: 4731f031a632bfc549c409c8c5285db8e2492e57
SHA-256: 1871fe4a51fb633f8b647eed8f374410b271d1bc3f4bce15fec950b253a8069e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are labeled as benign, their sheer volume and structure suggest malicious intent, possibly for SEO manipulation or to host further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.