Malicious PDF — malware analysis report

Static analysis result for SHA-256 1bbfead3f6ba5fa6…

MALICIOUS

PDF

14.5 KB
Created: 2019-05-04 14:23:55 +01:00
Authoring application: mPDF 5.7
MD5: bbb1561d5e7481112aa941639011e5f6
SHA-1: 1604191e5efbbc204c82b2dcb04d9864524b71d7
SHA-256: 1bbfead3f6ba5fa61aeab0dfae488b9e8f88c2f0e3e754b6c1e778539051b1f7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume and structure suggest malicious intent, likely SEO poisoning or distribution of further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.