Malicious PDF — malware analysis report

Static analysis result for SHA-256 63f3e66eddb8101c…

MALICIOUS

PDF

Size: 15.0 KB
Created: 2019-05-03 06:01:48 +01:00
Authoring application: mPDF 5.7
MD5: 30dcc4a0fe0cc8cb4f5b3dcd700acf63
SHA-1: 5e76a54437f145127701ded06301fa77c66295c0
SHA-256: 63f3e66eddb8101cecc110552c556890cb6749fdbbcb1e2f1e9bb71c8dd98b1f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified as a link farm, which is a common tactic for SEO spam or for directing users to malicious sites. While the document body is unreadable, the heuristic 'PDF_SEO_LINK_FARM' strongly indicates malicious intent to redirect users. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.