Malicious PDF — malware analysis report

Static analysis result for SHA-256 52fff916203d99d9…

MALICIOUS

PDF

Size: 13.3 KB
Created: 2019-05-01 18:51:08 +01:00
Authoring application: mPDF 5.7
MD5: 3d5b582bf91d4ffd467970f2e17a8245
SHA-1: 12a239dd5fdf88611f3c0ddc4d7055651125de70
SHA-256: 52fff916203d99d9a823f343e47d509d111b8db0e96c009e2fdd1cac3d9dbd8c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF document contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on the `xiixmcuin.linkpc.net` domain. While the individual linked PDFs are currently marked as benign, the sheer volume and structure suggest a potential SEO manipulation or a lure to download further malicious content. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.