Malicious PDF — malware analysis report

Static analysis result for SHA-256 5fb9e513643a8d1e…

MALICIOUS

PDF

Size: 13.6 KB
Created: 2019-04-30 03:48:46 +01:00
Authoring application: mPDF 5.7
MD5: ab49b1c2276f25683dabcda710cec7ea
SHA-1: 016fe88d1dc1f0fa61597d03f94a1527728925f0
SHA-256: 5fb9e513643a8d1eabf264ab6b67ce9bb82735ff46455cfd475e09b6a6607095
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded URLs, identified as a link farm, likely intended to manipulate search engine results or redirect users to malicious content. While no scripts were extracted, the presence of numerous external links suggests a potential for downloading further payloads or phishing attempts. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9877

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.