Malicious PDF — malware analysis report

Static analysis result for SHA-256 1f7fc58408fa2f88…

MALICIOUS

PDF

Size: 17.9 KB
Created: 2019-04-30 04:38:32 +01:00
Authoring application: mPDF 5.7
MD5: d517e90ade9858f2f2d7390df8139177
SHA-1: 6b2ca466a3e2db7f4228fbce8bba0d141c75338f
SHA-256: 1f7fc58408fa2f88f9df7d5e70b942a31aa4fe1dad39e23d92e6a21a0b770230
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to book titles on the domain loaminoo.linkpc.net. This is indicative of a link farm or SEO poisoning tactic, designed to drive traffic to potentially malicious or unwanted content. The ML classifier strongly supports the malicious verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.