Malicious PDF — malware analysis report

Static analysis result for SHA-256 380ea0be70c9e28c…

MALICIOUS

PDF

Size: 15.7 KB
Created: 2019-05-02 05:02:05 +01:00
Authoring application: mPDF 5.7
MD5: 6e870bc76d96b9e3d229591cc8ee499f
SHA-1: 40bd937f5d9f7d86fc390dada029ba5dbe2a173b
SHA-256: 380ea0be70c9e28cf2b2aa509bd0901eb89aafc1ec1ad292aa2b7e34983b7a6c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell

The PDF document contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links, such as http://xiixmcuin.linkpc.net/3202201203207206/Untitled-The-Trials-of-Apollo-5-by-Rick-Riordan.pdf, are presented as book downloads but likely serve as a lure to a malicious site. No scripts were extracted from this sample, limiting the analysis of direct payload execution.

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.