Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f1bcb15a6fdeb92…

MALICIOUS

PDF

Size: 16.2 KB
Created: 2020-02-20 00:06:14 +00:00
Authoring application: mPDF 5.7
MD5: 6ab6874eb0536c2e44c61ccb8bba5780
SHA-1: d5cb82aedbbc1000d1866d55e4eda27f1efdfda3
SHA-256: 3f1bcb15a6fdeb92eae1f8b15afb86d4d9ed7398e9ce0627376e2eaf9c1ab99f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, flagged by the PDF_SEO_LINK_FARM heuristic. These links point to various book titles hosted on the `xiixmcuin.linkpc.net` domain. While the URLs themselves are marked as benign, their sheer volume and structure suggest malicious intent, possibly SEO manipulation or distribution of further payloads. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.