Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f2463f4bfdc35c6…

MALICIOUS

PDF

13.0 KB Created: 2019-05-03 07:47:50 +01:00 Authoring application: mPDF 5.7
MD5: 7ce827f49ae2b748ad3a28a6603d6f0f SHA-1: 6b0b11773b372663ee4d4b3c2bf0a30068f1d31a SHA-256: 3f2463f4bfdc35c641d1fa2fb806fa140246a4c2179d9a3a81f601bd54fc82bf
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to other PDF files hosted on the same domain. This pattern is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. While the specific intent of these linked PDFs is unclear, the heuristic 'PDF_SEO_LINK_FARM' strongly suggests a malicious purpose. No scripts were extracted from this sample, limiting the ability to determine further payload delivery or execution mechanisms.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/5091099093095093/The-Headmaster-s-Darlings-A-Mountain-Brook-Novel-by-Katherine-Clark.pdf
    • http://loaminoo.linkpc.net/2097092092090093/Little-Darlings-by-Sam-Llewellyn.pdf
    • http://loaminoo.linkpc.net/1090096090099093093/The-Darlings-of-Soho-by-David-Barnett.pdf
    • http://loaminoo.linkpc.net/3093090096096090/The-Silver-Darlings-by-Neil-M-Gunn.pdf
    • http://loaminoo.linkpc.net/2090090099097099/Cage-the-Darlings-by-Elora-Bishop.pdf
    • http://loaminoo.linkpc.net/1092099093094091/Murderous-Little-Darlings-by-John-Hennessy.pdf
    • http://loaminoo.linkpc.net/3090090091092097/Darlings-of-Decay-by-Tamara-Rose-Blodgett.pdf
    • http://loaminoo.linkpc.net/4099092097096092/Kill-Your-Darlings-Mallory-3-by-Max-Allan-Collins.pdf
    • http://loaminoo.linkpc.net/3090098092091/Vicious-by-V-E-Schwab.pdf
    • http://loaminoo.linkpc.net/1090093095099/Vicious-Villains-1-by-V-E-Schwab.pdf
    • http://loaminoo.linkpc.net/4099090098093092/Sweet-and-Vicious-In-or-Out-3-by-Claudia-Gabel.pdf
    • http://loaminoo.linkpc.net/3091097095093099/These-Vicious-Masks-by-Tarun-Shanker.pdf
    • http://loaminoo.linkpc.net/4090092097098095/Vicious-Cycle-by-Misha-Horne.pdf
    • http://loaminoo.linkpc.net/6090099094092099/Nietzsche-and-the-Vicious-Circle-by-Pierre-Klossowski.pdf
    • http://loaminoo.linkpc.net/6099094090092091/V-Is-For-Vicious-Santorno-10-by-Sandrine-Gasq-Dion.pdf
    • http://loaminoo.linkpc.net/1092093099098097/Savor-Vicious-Feast-1-by-Kate-Evangelista.pdf
    • http://loaminoo.linkpc.net/3090098094/Love-Me-Never-Lovely-Vicious-1-by-Sara-Wolf.pdf
    • http://loaminoo.linkpc.net/2098093090092093/Forget-Me-Always-Lovely-Vicious-2-by-Sara-Wolf.pdf
    • http://loaminoo.linkpc.net/1098092097096092/Birthday-Vicious-The-Ashleys-3-by-Melissa-de-la-Cruz.pdf
    • http://loaminoo.linkpc.net/2097090094098090/Kissing-Vicious-Hearts-of-Metal-1-by-Brooklyn-Ann.pdf
    • http://loaminoo.linkpc.net/409009209709809

Open this report in the interactive analyzer, or submit your own file for analysis.