Malicious PDF — malware analysis report

Static analysis result for SHA-256 28c2d246a2f61ca0…

MALICIOUS

PDF

14.0 KB
Created: 2019-04-30 02:43:36 +01:00
Authoring application: mPDF 5.7
MD5: 16f761e786ee844731a05d70d9f455a8
SHA-1: 2fca706beb31566b8a95109d455d2b8a210dcf8b
SHA-256: 28c2d246a2f61ca02438219c00f3efe44528537b7ed10b43e565cab0b1132d2e
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The embedded URLs, while appearing to link to books, are likely part of a link farm designed to manipulate search engine rankings or redirect users to malicious sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.