Malicious PDF — malware analysis report

Static analysis result for SHA-256 33217916b12ff8e3…

MALICIOUS

PDF

Size: 12.7 KB
Created: 2019-05-02 06:57:47 +01:00
Authoring application: mPDF 5.7
MD5: b02577489344839dee526bde4ef8b7b0
SHA-1: cc1b5cbfdd20149b8abc48e8c1e1b69f98eadab4
SHA-256: 33217916b12ff8e33aa9942418c286a1221e15b0ccefa0a5f84cb56078379d7c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to other PDFs hosted on the 'loaminoo.linkpc.net' domain. This is indicative of a link farm or a distribution mechanism for further malicious content. Although this PDF does not directly execute a payload, the heuristic 'PDF_SEO_LINK_FARM' strongly suggests malicious intent to manipulate search results or redirect users to potentially harmful sites. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8905

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.