Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b526ced86761d01…

MALICIOUS

PDF

  • Size: 13.0 KB
  • Created: 2019-05-03 05:03:38 +01:00
  • Authoring application: mPDF 5.7
  • MD5: 3279291c4f00ffb67becf6cdcaef18b4
  • SHA-1: 38774fdeb7c0b4bab0ea03ad36d259b7bb731a4d
  • SHA-256: 4b526ced86761d01943399d3cb82157f3d96ff2f1fda96d0aa482c6729844cee
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to book titles on the domain 'loaminoo.linkpc.net'. This is indicative of a link farm, a common tactic for SEO manipulation or distributing malicious content. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.