Malicious PDF — malware analysis report

Static analysis result for SHA-256 722744c4d23ddd24…

MALICIOUS

PDF

Size: 17.9 KB
Created: 2019-05-07 04:31:34 +01:00
Authoring application: mPDF 5.7
MD5: adfb2804f78c94a6e27e7772f95f05dd
SHA-1: 82555329fc4a069e971425b7bf755498f27d6aaf
SHA-256: 722744c4d23ddd24f13fedeb96c38b6131b1c44805aad9ba5b74d264b0fd0c7d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, forming a link farm. This behavior is indicative of SEO poisoning or a similar content-driven lure. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.