Malicious PDF — malware analysis report

Static analysis result for SHA-256 23d7e7ad82a615c5…

MALICIOUS

PDF

Size: 13.4 KB
Created: 2019-04-30 05:15:22 +01:00
Authoring application: mPDF 5.7
MD5: 6e2dbee53fbd7314cd80e4b0fc275b06
SHA-1: 45a1c51727e79d6241d9dbd12890fbfdf0cb0847
SHA-256: 23d7e7ad82a615c5612ba1ee7f21aa125c42f8bae5c4f1f987964c627360b1eb
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell

The PDF file contains a large number of embedded links pointing to external PDF documents hosted on the `xiixmcuin.linkpc.net` domain. This technique is often used for SEO poisoning or to distribute malicious payloads. No scripts were extracted, but the heuristic 'PDF_SEO_LINK_FARM' strongly suggests an intent to redirect users to potentially harmful content. The document body itself is heavily obfuscated and unreadable.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.