Malicious PDF — malware analysis report

Static analysis result for SHA-256 4430910d3b5d8525…

MALICIOUS

PDF

15.6 KB
Created: 2019-05-02 17:18:31 +01:00
Authoring application: mPDF 5.7
MD5: c305a71aa59eacbef1886055f4e0f233
SHA-1: 89b027b19ed4378f5475a20f2fda80845dc77e95
SHA-256: 4430910d3b5d852514f6fa126c3441df85ea0f44af041d64f3fae4bf16d14780
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded links, many of which point to external PDF files hosted on the same domain. This suggests a link farm or a method to distribute further malicious content. The primary attack pattern involves leveraging these embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm · critical · PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL · info · EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.