Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b5d11fa2c9aad1d…

MALICIOUS

PDF

14.2 KB
Created: 2019-05-05 16:49:30 +01:00
Authoring application: mPDF 5.7
MD5: d3badeec358a58f174e9fc21df78ee35
SHA-1: 47057884bc74ae8f8a02b2a185069ed1b993f5a6
SHA-256: 4b5d11fa2c9aad1d2ac7c771ce0e16e09a446a44765e8a8f8f4ac00a8d7d0d92
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, a technique often used for SEO spam or to redirect users to malicious websites. The primary heuristic identified a PDF link farm with the dominant host being loaminoo.linkpc.net. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.