Malicious PDF — malware analysis report

Static analysis result for SHA-256 3805fd9940fd7435…

MALICIOUS

PDF

Size: 12.8 KB
Created: 2019-05-03 09:12:23 +01:00
Authoring application: mPDF 5.7
MD5: b5fbc89845b4ca767765bb3c6d4c522d
SHA-1: feb18d684a216175ed1267036dc53291e75b72be
SHA-256: 3805fd9940fd7435bff44dfd242e43b0082370ab85f2587cc4a8ca6b4f7838a8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, which matched the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs point to a domain that appears to host numerous PDF files, suggesting a link farm or redirection scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8905

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.