Malicious PDF — malware analysis report

Static analysis result for SHA-256 38fa5469d6cf84e2…

MALICIOUS

PDF

Size: 17.2 KB
Created: 2019-05-02 17:15:25 +01:00
Authoring application: mPDF 5.7
MD5: c7f4a70cfba0e4ad5fcb68d815e889d1
SHA-1: ff5d9bbb95b6acaace06f719e365621f36d63198
SHA-256: 38fa5469d6cf84e29af9f95485caddd9600cbc83c9f3ad1c61e7d23836d5f3da
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The embedded URLs, such as http://loaminoo.linkpc.net/2099093093094092/Exquisite-Trouble-Iron-Horse-MC-1-by-Ann-Mayburn.pdf, are likely used to distribute further malicious content or for SEO spam. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.