Malicious PDF — malware analysis report

Static analysis result for SHA-256 49bfa6aec5a35f31…

MALICIOUS

PDF

13.2 KB
Created: 2019-04-30 09:44:46 +01:00
Authoring application: mPDF 5.7
MD5: 342bb7cdfe7c523619847b53503c9fb1
SHA-1: 6b0a7b5e48487fdd38d8d9ede468bae456cad23d
SHA-256: 49bfa6aec5a35f31d2497e1ee5c1cc2563691a356ba8c43874a81e7f0681dc5e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While the extracted URLs themselves are currently classified as benign, their sheer volume and structure suggest malicious intent, possibly SEO manipulation or redirection of users to harmful content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.