Malicious PDF — malware analysis report

Static analysis result for SHA-256 452ce7195ef4a97c…

MALICIOUS

PDF

15.7 KB
Created: 2019-05-02 17:18:06 +01:00
Authoring application: mPDF 5.7
MD5: ebdf374070a7d06cf16f5e9b537c971b
SHA-1: 7c6b10c7317fb8199aefba4025e44ac7a647a0a6
SHA-256: 452ce7195ef4a97ccc094f71a157c6be29c30a6775839fa9633a13750f1f7f30
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. Although no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation or the distribution of further malware. The primary IOCs are the URLs found within the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.