Malicious PDF — malware analysis report

Static analysis result for SHA-256 6be2f36992fa3bb2…

MALICIOUS

PDF

14.6 KB
Created: 2019-05-07 06:23:38 +01:00
Authoring application: mPDF 5.7
MD5: a79643e6771c68ce6d3675fc17d53c93
SHA-1: 1695980d88b6cb12370f82679e1f885accebf8ed
SHA-256: 6be2f36992fa3bb2b96c9d73eacda40f22085ea4b81de51ea857564e69350f09
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, many of which use numeric slugs and appear to be SEO-optimized. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the distribution of links to potentially malicious content hosted on a dynamic DNS domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.