Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e0af99610c5ac30…

MALICIOUS

PDF

37.5 KB Created: 2019-04-30 02:40:48 +01:00 Authoring application: mPDF 5.7
MD5: da8583992b7ed1a683cbc897ade0b105 SHA-1: 65d07a63da24fde25db879034d832c21a32590bf SHA-256: 5e0af99610c5ac309a7b85535de311b104770c15a08cb40ef4afd21b0e51cb83
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting an attempt to create a link farm or distribute malicious content. While the specific intent of the embedded URLs is unclear due to benign reputation labels, the sheer volume and the ML_NYX_PDF_MALICIOUS firing indicate malicious intent. No scripts were extracted from this sample, but the structure suggests it's designed to lure users to external sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9926

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/7096096099093/My-Doggie-Says-Messages-from-Jamie-How-a-Dog-Named-Jamie-quot-Talks-quot-to-Her-People-by-Fred-M-Haney.pdf
    • http://loaminoo.linkpc.net/3093090096095/My-Story-quot-A-Child-Called-It-quot-quot-The-Lost-Boy-quot-quot-A-Man-Named-Dave-quot-by-Dave-Pelzer.pdf
    • http://loaminoo.linkpc.net/2097093092098096/I-Thought-It-Was-Just-Me-But-It-Isn-t-Making-the-Journey-from-quot-What-Will-People-Think-quot-to-quot-I-Am-Enough-quot-by-Bren-Brown.pdf
    • http://loaminoo.linkpc.net/5094092093097099/Asterix-amp-Friends-quot-Asterix-the-Gladiator-quot-quot-Asterix-in-Switzerland-quot-quot-Mansions-of-the-Gods-quot-quot-Asterix-and-the-Laurel-Wreath-quot-quot-Obelix-and-Co-quot-by-Ren-Goscinny.pdf
    • http://loaminoo.linkpc.net/1090094090095094094/Vergleich-Der-Darstellung-Des-quot-Wunderbaren-quot-in-Johann-Hartliebs-quot-Alexanderroman-quot-Und-Gottfried-Von-Straburgs-quot-Tristan-quot-by-Katharina-Neuhaus.pdf
    • http://loaminoo.linkpc.net/8097096094092096/Zauberherz-und-Liebeswunder-Drei-Romane-in-einem-eBook-quot-Body-Switch-quot-quot-Hungry-for-Love-quot-und-quot-Von-M-usen-und-Million-ren-quot-by-Ashley-Bloom.pdf
    • http://loaminoo.linkpc.net/2098098092095097/The-Third-Inspector-Morse-Omnibus-quot-Last-Bus-to-Woodstock-quot-quot-Wench-Is-Dead-quot-quot-Jewel-That-Was-Ours-quot-by-Colin-Dexter.pdf
    • http://loaminoo.linkpc.net/1091092098090097097/Philosophische-Elemente-im-Werk-von-Max-Frisch-Grundph-nomene-menschlicher-Existenz-in-den-Romanen-quot-Stiller-quot-quot-Homo-faber-quot-und-quot-Mein-Name-sei-Gantenbein-quot-by-Frauke-Maria-Ho-.pdf
    • http://loaminoo.linkpc.net/7093091098096096/Absolute-Tao-Talks-on-Fragments-from-quot-Tao-Te-Ching-quot-by-Lao-Tzu-by-Osho.pdf
    • http://loaminoo.linkpc.net/1091096094095093097/Der-Ausflug-Ins-Innere-Der-Eigenen-Personlichkeit-Zur-Funktion-Der-Zitate-Im-Werk-Arno-Schmidts-Am-Beispiel-Von-quot-Brand-s-Haide-quot-quot-Kaff-Auch-Mare-Crisium-quot-Und-quot-Zettel-s-Traum-quot-by-Wolfgang-Hink.pdf
    • http://loaminoo.linkpc.net/1091096094095093098/Utopische-Prosa-ALS-L-Ngeres-Gedankenspiel-Untersuchungen-Zu-Arno-Schmidts-Theorie-Der-Modernen-Literatur-Und-Ihrer-Konkretisierung-in-quot-Schwarze-Spiegel-quot-quot-die-Gelehrtenrepublik-quot-Und-quot-Kaff-Auch-Mare-Crisium-quot-by-Boy-Hinrichs.pdf
    • http://loaminoo.linkpc.net/2098097097097093/Ruth-Rendell-Omnibus-II-quot-From-Doon-with-Death-quot-quot-Some-Lie-and-Some-Die-quot-quot-Shake-Hands-for-Ever-quot-quot-A-Sleeping-Life-quot-by-Ruth-Rendell.pdf
    • http://loaminoo.linkpc.net/2096091090092098/-quot-Multiplication-Is-for-White-People-quot-Raising-Expectations-for-Other-People-s-Children-by-Lisa-Delpit.pdf
    • http://loaminoo.linkpc.net/9095096092095096/Metafiktion-und-sthetik-in-Christa-Wolfs-quot-Nachdenken-ber-Christa-T-quot-quot-Kindheitsmuster-quot-und-quot-Sommerst-ck-quot-by-Ursula-Ackrill.pdf
    • http://loaminoo.linkpc.net/1090097099092096097/Gerhart-Hauptmann-quot-Bahnw-rter-Thiel-quot-quot-Vor-Sonnenaufgang-quot-quot-Der-Apostel-quot-quot-Der-Ketzer-von-Soana-quot-by-Gerhart-Hauptmann.pdf
    • http://loaminoo.linkpc.net/1095096092098099/Freedom-is-Not-Free-Rashard-quot-Stone-quot-Mysteries-1-by-Fred-King-Williams.pdf
    • http://loaminoo.linkpc.net/1096097097098094/Black-and-white-the-confrontation-of-Reverend-Fred-L-Shuttlesworth-and-Eugene-quot-Bull-quot-Connor-by-Larry-Dane-Brimner.pdf
    • http://loaminoo.linkpc.net/1090092097092096097/Herr-Regentropf-und-seine-Welt-Aus-der-Reihe-quot-Wunderbare-Geschichten-quot-f-r-quot-Bezaubernde-Kinder-quot-quot-Wunderbare-Geschichten-quot-f-r-quot-Bezaubernde-Kinder-quot-1-by-Friederike-Anhalt.pdf
    • http://loaminoo.linkpc.net/7098096098091092/Liturgy-and-Drama-in-the-Anglo-Norman-quot-Adam-quot-quot-Medium-Aevum-quot-Monograph-by-Lynette-R-Muir.pdf
    • http://loaminoo.linkpc.net/9095096092095097/-quot-Heikel-bis-heute-quot-Frauen-und-Nationalsozialismus-Der-Opfermythos-in-Christa-Wolfs-quot-Kindheitsmuster-quot-by-Ruth-Waldeck.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.