Malicious PDF — malware analysis report

Static analysis result for SHA-256 6948688a83145b30…

MALICIOUS

PDF

Size: 13.9 KB
Created: 2019-04-30 03:40:08 +01:00
Authoring application: mPDF 5.7
MD5: 76f44b4ba9cf2ca5ce93ac21823894fd
SHA-1: 6ba06973240c34aeff490ef6a0a465fc495a4d6d
SHA-256: 6948688a83145b30c33623a885e2f5b465cadea66c52ac62f88903bd8e18d84b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external websites, identified as a link farm. While the document body is heavily obfuscated, the presence of numerous URLs suggests an attempt to direct users to potentially malicious or SEO-manipulated content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.