Malicious PDF — malware analysis report

Static analysis result for SHA-256 657eb8a59bc88185…

MALICIOUS

PDF

15.6 KB
Created: 2019-05-02 17:47:53 +01:00
Authoring application: mPDF 5.7
MD5: bbc7a43dfcc172462aeeb2ff3d88031b
SHA-1: 16d272ea5b518d662d0566710606ead22e5d2323
SHA-256: 657eb8a59bc881854c5d0055eae725a1d40e14105125c6f911740d5c9c18c20d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files hosted on the domain 'loaminoo.linkpc.net'. This behavior is indicative of a link farm or a lure to a malicious site, as flagged by the PDF_SEO_LINK_FARM heuristic. The ML classifier also strongly indicated maliciousness. No scripts were extracted, and the document body was heavily obfuscated, preventing a more detailed analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.