Malicious PDF — malware analysis report

Static analysis result for SHA-256 2866ccc05f23f9b2…

MALICIOUS

PDF

Size: 13.9 KB
Created: 2019-04-30 04:22:20 +01:00
Authoring application: mPDF 5.7
MD5: 1df995d751afdf320836b007e47b8681
SHA-1: 8ff6c9be000631f0047c7d42e4c0f9c5567800f9
SHA-256: 2866ccc05f23f9b2314a1d941a1b82c4ea66087bc9a4ee7bd636718349c54a9e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a PDF_SEO_LINK_FARM heuristic firing, indicating the presence of numerous external links. These links, predominantly hosted on 'loaminoo.linkpc.net', are likely part of a link farm or redirection scheme, aiming to manipulate search results or lead users to potentially harmful content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.