Malicious PDF — malware analysis report

Static analysis result for SHA-256 67e2111f5b7e0794…

MALICIOUS

PDF

Size: 17.5 KB
Created: 2019-05-01 19:06:02 +01:00
Authoring application: mPDF 5.7
MD5: 42dbb1f2d0ecc2a16e2e8f693417429f
SHA-1: f8923e0b603739e8d7050e364cab3462e69a6908
SHA-256: 67e2111f5b7e0794533215fb9ab0b3e937f327029c8652c0304d52e87153a3da
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The embedded URLs are hosted on a dynamic DNS domain, suggesting a low-reputation hosting environment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.