Malicious PDF — malware analysis report

Static analysis result for SHA-256 50de264610fe4801…

MALICIOUS

PDF

File size: 16.7 KB
Created: 2019-05-02 01:40:36 +01:00
Authoring application: mPDF 5.7
MD5: 2f2befbc4c3be560d12e3d937fffb86e
SHA-1: b404df9b39a5cdf7dda5addec40cde54801e167f
SHA-256: 50de264610fe4801a791092879d9ec472c9b984796942d3c999e522e1df809d0
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, many of which are hosted on the same suspicious domain 'loaminoo.linkpc.net'. This pattern is indicative of a link farm or a lure to download further malicious content. The ML classifier also strongly flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.