Malicious PDF — malware analysis report

Static analysis result for SHA-256 6be3777adba0d247…

MALICIOUS

PDF

Size: 14.2 KB
Created: 2019-05-07 03:45:07 +01:00
Authoring application: mPDF 5.7
MD5: 05baa1d892fdf09552dcbad7474290c1
SHA-1: c4005e6e1298585bcd7cfc00db1835a69fdf0250
SHA-256: 6be3777adba0d24786ec2a09df07872a85d9e88e6c81ce95aed07cc6f1eb2bf6
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files hosted on a dynamic DNS domain. This pattern is indicative of a link farm or SEO poisoning technique, designed to drive traffic to potentially malicious content or manipulate search engine results. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.