Malicious PDF — malware analysis report

Static analysis result for SHA-256 329eec76a3b6fe67…

MALICIOUS

PDF

Size: 14.6 KB
Created: 2019-04-30 18:33:05 +01:00
Authoring application: mPDF 5.7
MD5: 7510275ca281f10c9a4c346399d14439
SHA-1: 9930d09f70ed00220b7e2a1ea5e46cd0440d03fb
SHA-256: 329eec76a3b6fe674f545449a30012242f6196d5176b34c22f0f287a54ed67bf
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded links pointing to external PDF documents. The heuristic PDF_SEO_LINK_FARM indicates this is a link farm, likely intended to manipulate search engine results or distribute malicious content indirectly. The majority of the extracted URLs are marked as confirmed benign, but the sheer volume and the nature of the heuristic suggest a malicious intent to obfuscate the true purpose or to serve as a lure. No scripts were extracted, and the document body was unreadable.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.