Malicious PDF — malware analysis report

Static analysis result for SHA-256 70c4fe2a62c167e4…

MALICIOUS

PDF

Size: 17.3 KB
Created: 2019-05-02 22:41:10 +01:00
Authoring application: mPDF 5.7
MD5: 540aa8f6c4b0c395fbf3bd3b2f19fd30
SHA-1: 41b13f963961f4facc26d3a87dcd9f9ecd9f6faf
SHA-256: 70c4fe2a62c167e49e4592b02c38058a0b234a2a789777aed21c1b01f0ae4a1e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently flagged as benign, the sheer volume and the nature of the heuristic suggest malicious intent, possibly SEO manipulation or hosting of further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.