Malicious PDF — malware analysis report

Static analysis result for SHA-256 2f712e38a6ed5d8e…

MALICIOUS

PDF

Size: 15.5 KB
Created: 2019-05-02 19:52:42 +01:00
Authoring application: mPDF 5.7
MD5: 03377723c9b1f1477475c7e6037837ce
SHA-1: b551a440a3c1c7069271a4b1558adb44cefa8c1d
SHA-256: 2f712e38a6ed5d8e9da63fbedbc8694a08b61a11c1b2775fe935af17762f1112
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malware. The ML classifier strongly indicated maliciousness. The embedded URLs point to a dynamic DNS domain, suggesting an attempt to evade detection. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the direct user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.