Malicious PDF — malware analysis report

Static analysis result for SHA-256 43dadd04f0da043d…

MALICIOUS

PDF

14.3 KB
Created: 2019-05-01 05:13:20 +01:00
Authoring application: mPDF 5.7
MD5: 38d9a7df37433b9e8216e56678d48bd7
SHA-1: 1deb62f87621ac526a3e58f05bce4705207075d4
SHA-256: 43dadd04f0da043dc01228484a2a77fc09d0c612467bff18fabdd14da505410e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which is indicative of a link farm or a distribution mechanism for malicious content. While the URLs themselves are currently marked as benign, the sheer volume and the heuristic firing suggest a malicious intent to manipulate search results or redirect users to harmful sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.n