Malicious PDF — malware analysis report

Static analysis result for SHA-256 59ff3e21bd6627a1…

MALICIOUS

PDF

Size: 14.7 KB
Created: 2019-05-01 19:33:34 +01:00
Authoring application: mPDF 5.7
MD5: 7fda5e10bf1e5b69a5c9570bee423031
SHA-1: df762ed35ba1de1d7de09f13da57a44e70ae327d
SHA-256: 59ff3e21bd6627a192f4da9b981d72f907b2c1e8bf9f30cf276717d581f9933f
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or traffic distribution scheme. While the document body is heavily obfuscated, the presence of numerous links to external PDF files indicates a likely attempt to direct users to potentially malicious content or websites. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo