Malicious PDF — malware analysis report

Static analysis result for SHA-256 5515fbeb843f2b34…

MALICIOUS

PDF

Size: 16.4 KB
Created: 2019-04-30 04:05:32 +01:00
Authoring application: mPDF 5.7
MD5: 0ffd1f3e843b612999aa077f388dcda4
SHA-1: 1f2f7f208fd4dd1c144bae88473cfb6c68e14db3
SHA-256: 5515fbeb843f2b342e5cdaf4ba2bfadaa31f2afd4ab89b5a7b56271856c55b73
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded links, forming a link farm hosted on a dynamic DNS domain. The ML classifier also flagged this PDF as malicious. While the specific intent of the linked PDFs is unclear, the sheer volume and suspicious hosting suggest a malicious attempt to drive traffic or distribute further content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.