Malicious PDF — malware analysis report

Static analysis result for SHA-256 193d8399732b1a13…

MALICIOUS

PDF

Size: 32.6 KB
Created: 2019-04-30 23:22:32 +01:00
Authoring application: mPDF 5.7
MD5: 261498ff5905749cb2dcf9320b3ad7b6
SHA-1: 5a55293f2ed4f644223aa83bf0411eadc8f310f8
SHA-256: 193d8399732b1a13086e5214c9460c03a5b2a68655b97072a591ff9814c9414b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded URLs pointing to external PDF files hosted on a dynamic DNS domain. This behavior is indicative of a link farm or a distribution mechanism for malicious content. While the URLs themselves are currently flagged as benign, the sheer volume and the firing of the 'PDF_SEO_LINK_FARM' heuristic suggest malicious intent, possibly to manipulate search engine results or to serve further malicious payloads. No scripts were extracted; the embedded URLs are the primary indicators of compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9883

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.