Malicious PDF — malware analysis report

Static analysis result for SHA-256 38ffd8c6f2b7e2db…

MALICIOUS

PDF

14.0 KB
Created: 2019-04-30 05:40:32 +01:00
Authoring application: mPDF 5.7
MD5: a083ed1a032701211b6ea7ee8b7bb3a5
SHA-1: 9e123d533cc2c60c9fbf7249e101a77ea9eaffaa
SHA-256: 38ffd8c6f2b7e2dbb30b70af8982a76d24fd9870ddfc446832a2d598208cb5d8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which are presented as book downloads. While the URLs themselves are currently marked as benign, the sheer volume and structure suggest a link farm intended to redirect users to potentially malicious content. The ML_NYX_PDF_MALICIOUS classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.