Malicious PDF — malware analysis report

Static analysis result for SHA-256 4807d15d76895046…

MALICIOUS

PDF

Size: 14.5 KB
Created: 2019-04-30 18:34:22 +01:00
Authoring application: mPDF 5.7
MD5: e54da260d18b88e452ccfb6aff6096d8
SHA-1: 461cedbac4623aad117e8f45c5c742c05e1972c9
SHA-256: 4807d15d76895046291c135a2713f36afc130abf9761a796641e06646cbed6d6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, directing users to various external websites. While the specific intent of these links is unclear due to the 'confirmed_benign' reputation, the sheer volume and the ML classifier's high confidence score suggest a malicious attempt to drive traffic or potentially deliver further payloads. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.