Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b0a858221c53caa…

MALICIOUS

PDF

Size: 13.4 KB
Created: 2019-04-30 19:17:28 +01:00
Authoring application: mPDF 5.7
MD5: 8330d825d2b8a9a89c085950dc9c7778
SHA-1: ba781542bbdb5311fbfa9638d3fac0954d928da9
SHA-256: 4b0a858221c53caa54b9acdef844e4ab88fefd22709e7ca14ae4d151081d8503
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents. The heuristic PDF_SEO_LINK_FARM indicates this is a link farm designed to drive traffic to the linked content. The embedded URLs are likely used to deceive users into downloading potentially malicious content or visiting malicious sites. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.