Malicious PDF — malware analysis report

Static analysis result for SHA-256 59efc9c2aa2e70de…

MALICIOUS

PDF

12.2 KB Created: 2019-05-03 16:47:54 +01:00 Authoring application: mPDF 5.7
MD5: e28f34be1bab1e2116ca61c4c7e61e8f SHA-1: aaf0ab1a2511c7dfffab89cb7bef8c9f361819d0 SHA-256: 59efc9c2aa2e70dedbda6cf45b6caa79ce6d121c4c50a77d3141c7c51f90161e
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links, identified as a PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on loaminoo.linkpc.net. The primary attack pattern appears to be the distribution of malicious content through these numerous links, potentially as a form of SEO poisoning or to lure users to download further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/1098098099093099/Of-Last-Resort-Princes-of-the-Blood-1-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/1098098092092092/In-Despair-Princes-of-the-Blood-3-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/2098096091097091/Always-There-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/2096093092097095/Always-There-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/8095098095094/Once-Upon-a-Dream-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/3098092095099096/By-Mistake-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/3099091097091097/Embrace-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/3098092095099094/The-Menagerie-Lynx-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/4094098094092094/Fighting-for-You-Lifesworn-2-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/1091096098091094094/Binding-a-Demon-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/1098099091090096/Magic-and-Mischief-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/3094090093092092/Wriggle-amp-Sparkle-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/2092094094093096/Herbal-Remedy-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/3098092098098094/The-Only-Option-Dubious-4-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/2098096093091098/Tournament-of-Losers-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/2090091098098099/The-Broken-Forest-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/2099099091092097/Fairytales-Slashed-3-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/1096098095094093/Wriggle-amp-Sparkle-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/3098092095099092/The-Rapier-Brothers-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/3098092095099095/Magic-amp-Mischief-by-Megan-Derr.pdf
    • http://loaminoo.linkpc.net/2098096093091098/Tournament-o

Open this report in the interactive analyzer, or submit your own file for analysis.