Malicious PDF — malware analysis report

Static analysis result for SHA-256 26d4bd23239f0f83…

MALICIOUS

PDF

Size: 14.0 KB
Created: 2019-05-02 01:38:45 +01:00
Authoring application: mPDF 5.7
MD5: 8ec9b5731f1cec8e3483b7bb21a15d66
SHA-1: 955b10100a0a8f00300e943746617275ca7afc7e
SHA-256: 26d4bd23239f0f83fac5503ae82fe8ae52a3ab1677cc32c22fdae195eb98b0af
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a significant number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to various book titles hosted on loaminoo.linkpc.net. While the URLs themselves are marked as benign, the sheer volume and the nature of the heuristic suggest a potential attempt at SEO manipulation or distributing a large number of seemingly legitimate but potentially malicious links. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.