Malicious PDF — malware analysis report

Static analysis result for SHA-256 3b9cc3f6ab8c5f75…

MALICIOUS

PDF

Size: 15.9 KB
Created: 2019-05-07 03:35:30 +01:00
Authoring application: mPDF 5.7
MD5: 3dcbedddb632c3f5eb6d41210ff35a03
SHA-1: 72cb798a3d9810c61bfd72fcbbc28920f354accd
SHA-256: 3b9cc3f6ab8c5f7560f3e216a2d78450fca35fbc32414ebcdeb4694c7f962bbe
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are marked as benign, their sheer volume and structure suggest malicious intent, possibly SEO manipulation or use as a distribution vector. No scripts were extracted from this sample. The primary attack pattern observed is the creation of a link farm within the PDF document.

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.