Malicious PDF — malware analysis report

Static analysis result for SHA-256 20693f6f56335ab3…

MALICIOUS

PDF

File size: 16.6 KB
Created: 2020-03-18 22:35:40 +00:00
Authoring application: mPDF 5.7
MD5: 8ab1ba20d6b1e095f015bac2e3b35629
SHA-1: 791e296a0c6471fd860825bb2da4206e9e7791d1
SHA-256: 20693f6f56335ab380668f00c1c061728fd5edd2f3ff4ecb1f3c39425bec8067
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a 'PDF_SEO_LINK_FARM' heuristic. These URLs point to various book-related content, but their sheer volume and the use of numeric slugs suggest a potential SEO manipulation or redirection scheme. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the direct user-facing intent beyond the link farm.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.