Malicious PDF — malware analysis report

Static analysis result for SHA-256 6b1a0b847a77de05…

MALICIOUS

PDF

Size: 15.2 KB
Created: 2019-04-30 03:32:11 +01:00
Authoring application: mPDF 5.7
MD5: 991c9f5ee06b6cd7ea91c73a699a512f
SHA-1: 11de93e97051b77c0502a1da2d9ae798b6b9ed4f
SHA-256: 6b1a0b847a77de05fdae4ea4b7e0ef0c7ac1cbb0b91f33b1c86b3bd9bf7035e3
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to external PDF files. While the document body is heavily obfuscated, the presence of numerous links suggests an attempt to direct users to potentially malicious content or a link farm. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9741

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.