Malicious PDF — malware analysis report

Static analysis result for SHA-256 52e76351417b97e0…

MALICIOUS

PDF

Size: 14.8 KB
Created: 2019-04-30 18:32:19 +01:00
Authoring application: mPDF 5.7
MD5: 85219fd6d524b764594a6dea123adc6d
SHA-1: d45c3b5e8ca75fff0e43e1b9aef5962ce6aa6d62
SHA-256: 52e76351417b97e0ab082ad8c9de4bada17148225ceae64a058b1926ec526945
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents, indicative of a link farm or SEO poisoning attack. While the specific content of the linked PDFs is benign, the sheer volume of links and the nature of the hosting domain suggest malicious intent to drive traffic or potentially distribute further malware. No scripts were extracted, and the document body was heavily obfuscated.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.l