Malicious PDF — malware analysis report

Static analysis result for SHA-256 4f428625a41f0f83…

MALICIOUS

PDF

16.8 KB
Created: 2019-05-05 15:40:22 +01:00
Authoring application: mPDF 5.7
MD5: 9917e985ae38f2a85b972dba1a597029
SHA-1: 4fe5cf76bf850969223ea7f3e133f8dbca8eadd2
SHA-256: 4f428625a41f0f83a38611ef5fff53ccfd7931dfe8953466738a6e64e6dfd9be
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. While the specific URLs extracted were labeled as confirmed_benign, the sheer volume and structure suggest malicious intent, likely for SEO manipulation or to serve as a distribution point for further malicious content. The ML_NYX_PDF_MALICIOUS classifier also strongly indicated that the file is malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.