Malicious PDF — malware analysis report

Static analysis result for SHA-256 30ad6295ee7f5b4e…

MALICIOUS

PDF

13.3 KB Created: 2019-04-30 05:57:44 +01:00 Authoring application: mPDF 5.7
MD5: b51909715715bb28fc7b5d4d09870354 SHA-1: fdad701becea9a38ae9989ca0b6f0bd310546462 SHA-256: 30ad6295ee7f5b4e0dccb01da63d7d8bcdf03948fb9117449e41725b67186515
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded links to external PDF documents, primarily hosted on the 'loaminoo.linkpc.net' domain. This behavior is indicative of a link farm or SEO poisoning attack, designed to drive traffic to specific content, potentially for malicious purposes. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.ne
    • http://loaminoo.linkpc.net/4094092099098092/Okay-Okay-by-Melinda-Tracy-Boyce.pdf
    • http://loaminoo.linkpc.net/9094094096092098/Tracy-Beaker-s-Thumping-Heart-Tracy-Beaker-4-by-Jacqueline-Wilson.pdf
    • http://loaminoo.linkpc.net/2097092097095096/The-Herbalist-by-Niamh-Boyce.pdf
    • http://loaminoo.linkpc.net/1099092091091097/Once-a-Duchess-by-Elizabeth-Boyce.pdf
    • http://loaminoo.linkpc.net/1091091091099098/Millions-by-Frank-Cottrell-Boyce.pdf
    • http://loaminoo.linkpc.net/3092091097091/Cosmic-by-Frank-Cottrell-Boyce.pdf
    • http://loaminoo.linkpc.net/5095091090093/Lichgates-The-Grimoire-Saga-1-by-S-M-Boyce.pdf
    • http://loaminoo.linkpc.net/3093094098098096/Lichgates-Grimoire-Saga-1-by-S-M-Boyce.pdf
    • http://loaminoo.linkpc.net/1095091091093095/The-Fatal-Coin-by-Lucienne-Boyce.pdf
    • http://loaminoo.linkpc.net/5091099095095/Treason-The-Grimoire-Saga-2-by-S-M-Boyce.pdf
    • http://loaminoo.linkpc.net/7093091090099090/Truth-Within-Dreams-The-Honorables-1-5-by-Elizabeth-Boyce.pdf
    • http://loaminoo.linkpc.net/3091098096097/The-Unforgotten-Coat-by-Frank-Cottrell-Boyce.pdf
    • http://loaminoo.linkpc.net/7093091091090096/Duty-Before-Desire-The-Honorables-2-by-Elizabeth-Boyce.pdf
    • http://loaminoo.linkpc.net/7093091091090098/Valor-Under-Siege-The-Honorables-3-by-Elizabeth-Boyce.pdf
    • http://loaminoo.linkpc.net/3092091095099092/The-Fifteen-Wonders-of-Daniel-Green-by-Erica-Boyce.pdf
    • http://loaminoo.linkpc.net/1090090093090097094/Tschitti---Das-Wunderauto-fliegt-wieder-by-Frank-Cottrell-Boyce.pdf
    • http://loaminoo.linkpc.net/1090090093090090096/Tschitti---Im-Wettrennen-gegen-die-Zeit-by-Frank-Cottrell-Boyce.pdf
    • http://loaminoo.linkpc.net/3091097095092/Sputnik-s-Guide-to-Life-on-Earth-by-Frank-Cottrell-Boyce.pdf
    • http://loaminoo.linkpc.net/1091092093094094095/Raku-Glass---A-Kiln-Firing-Process-by-Boyce-Lundstrom.pdf
    • http://loaminoo.linkpc.net/5098090095094099/The-First-Vagabond-Rise-of-a-Hero-Cedric-s-Story-The-Ourean-Chronicles-2-by-S-M-Boyce.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.