Malicious PDF — malware analysis report

Static analysis result for SHA-256 3be6f450474f1d4d…

MALICIOUS

PDF

Size: 14.1 KB
Created: 2020-03-19 03:17:38 +00:00
Authoring application: mPDF 5.7
MD5: 8d9a3b6fb43d109241822496b1c589bd
SHA-1: 06f87a710f16d2a7d2b3492a00cb4138758b3c5d
SHA-256: 3be6f450474f1d4d9af9fa98d817b9552372f974babf45df026ba9d5b049c02e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'owlaokopdf.myhome.cx'. This is indicative of a link farm or SEO poisoning attack, designed to drive traffic to potentially malicious content. The heuristic 'PDF_SEO_LINK_FARM' strongly supports this assessment. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.