Malicious PDF — malware analysis report

Static analysis result for SHA-256 7228e71f45700f49…

MALICIOUS

PDF

12.4 KB Created: 2019-04-29 23:06:52 +01:00 Authoring application: mPDF 5.7
MD5: caa2e791c27c4fe2ae4ac5e068b87b5e SHA-1: 70088d0d04eec89c2fb01d7e42d52be5bc2f2674 SHA-256: 7228e71f45700f49cf012a4666b1f55eef65c9ffcd797bf9777a6d863dad9f10
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files hosted on a dynamic DNS domain. This behavior is indicative of a link farm or SEO poisoning tactic, designed to drive traffic to specific content or potentially malicious sites. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/5091091091092098/The-Only-Secret-Left-to-Keep-by-Katherine-Hayton.pdf
    • http://loaminoo.linkpc.net/4098091091094094/Breathe-Out-Just-Breathe-2-by-Martha-Sweeney.pdf
    • http://loaminoo.linkpc.net/1095093091093092/Breathe-Breathe-1-by-Sloan-Parker.pdf
    • http://loaminoo.linkpc.net/4095092093098094/Breathe-Again-Breathe-2-by-Rachel-Brookes.pdf
    • http://loaminoo.linkpc.net/1098097099093093/Breathe-Breathe-1-by-Sarah-Crossan.pdf
    • http://loaminoo.linkpc.net/3094093095097091/Breathe-Breathe-1-by-Sarah-Crossan.pdf
    • http://loaminoo.linkpc.net/1093090092099093/Breathe-Breathe-1-by-Sloan-Parker.pdf
    • http://loaminoo.linkpc.net/1093099093097099/Cells-of-Knowledge-by-Sian-Hayton.pdf
    • http://loaminoo.linkpc.net/3090097092092094/Release-by-Nicole-Hadaway.pdf
    • http://loaminoo.linkpc.net/3090092095096091/Release-by-Patrick-Ness.pdf
    • http://loaminoo.linkpc.net/2091090090097091/Release-Davlova-1-by-A-M-Sexton.pdf
    • http://loaminoo.linkpc.net/4099097093094099/Wild-Release-by-Amy-Ruttan.pdf
    • http://loaminoo.linkpc.net/1095097095091094/The-Release-The-Prey-3-by-Tom-Isbell.pdf
    • http://loaminoo.linkpc.net/3096090093099094/Release-The-Protector-3-by-M-R-Merrick.pdf
    • http://loaminoo.linkpc.net/1095092091098091/Release-by-Beth-Kery.pdf
    • http://loaminoo.linkpc.net/1092098093093094/Upon-Release-From-Prison-by-Glenn-Langohr.pdf
    • http://loaminoo.linkpc.net/4098096099094090/Release-Me-Control-2-by-Shanora-Williams.pdf
    • http://loaminoo.linkpc.net/8098091094095091/Release-The-Core-5-by-Nola-Sarina.pdf
    • http://loaminoo.linkpc.net/2092094099/Release-The-Walker-Brothers-1-by-J-S-Scott.pdf
    • http://loaminoo.linkpc.net/4096097099099/Release-Me-Stark-Trilogy-1-by-J-Kenner.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.