Malicious PDF — malware analysis report

Static analysis result for SHA-256 2a26aded7b1f86fc…

MALICIOUS

PDF

16.5 KB Created: 2019-04-30 04:30:12 +01:00 Authoring application: mPDF 5.7
MD5: 064c987cab7265071d11e77c1da3474e SHA-1: 6423c1d1089bb7f21801458f631b089081f19ef5 SHA-256: 2a26aded7b1f86fcf51e4633bc542b2ac7b31872641665d46ff0d230d49168ce
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The embedded URLs are likely part of a link farm designed to drive traffic or potentially distribute further malware, though the specific payload is not evident from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/1099091095096096/Original-Sins-The-Lost-Slayer-4-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/1099091096090090/King-of-the-Dead-The-Lost-Slayer-3-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/2093091096092093/The-Wisdom-of-War-Buffy-the-Vampire-Slayer-Season-5-2-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/2091092095092090/Child-of-the-Hunt-Buffy-the-Vampire-Slayer-Season-3-3-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/2094095096090092/Buffy-the-Vampire-Slayer-Spike-amp-Dru-Buffy-the-Vampire-Slayer-Comic-3-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/4096093093094092/Buffy-the-Vampire-Slayer-Classic-2-The-Origin-Buffy-the-Vampire-Slayer-Vol-1-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/6097098093096/Hellblazer-Original-Sins-by-Jamie-Delano.pdf
    • http://loaminoo.linkpc.net/4099096093092091/The-Golden-Lotus-A-Translation-from-the-Chinese-Original-of-the-Novel-Chin-P-Ing-Mei-by-Lanling-Xiaoxiao-Sheng.pdf
    • http://loaminoo.linkpc.net/3090094097098096/Poison-Ink-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/3091095096094090/Snowblind-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/3097092090093/Ararat-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/6098097093098/Prowlers-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/9098090094094/British-Invasion-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/2091093091093093/X-Men-Codename-Wolverine-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/3095098095099091/Dead-Ringers-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/1091093092090093095/Sons-of-Anarchy-1-of-6-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/1091092090092093/The-Un-Magician-OutCast-1-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/1090094090091095092/Wildwood-Road-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/3092090096097094/Spirits-of-the-Noh-The-Waking-2-by-Christopher-Golden.pdf
    • http://loaminoo.linkpc.net/6097094090092/Laws-of-Nature-Prowlers-2-by-Christopher-Golden.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.