Malicious PDF — malware analysis report

Static analysis result for SHA-256 37096de432883ee1…

MALICIOUS

PDF

Size: 16.1 KB
Created: 2019-05-01 20:06:23 +01:00
Authoring application: mPDF 5.7
MD5: b7dbfc568ea33acfe25bc321d7ddb41c
SHA-1: c033f7fbf14375b0db520d8d7f4a2d6f842a188f
SHA-256: 37096de432883ee1e1fb8fee5575d6b0bf4e5bb2f9a220506eea7e43c1d75a5c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded URLs pointing to external PDF files hosted on the loaminoo.linkpc.net domain. This suggests a link farm or redirection scheme designed to lead users to potentially malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.