Malicious PDF — malware analysis report

Static analysis result for SHA-256 745138ba2e16949d…

MALICIOUS

PDF

Size: 15.3 KB
Created: 2019-04-30 17:44:40 +01:00
Authoring application: mPDF 5.7
MD5: 87f151b6241b62faa8c5f8614605fa42
SHA-1: 31253655bb6977b704489611ba57c1f063546419
SHA-256: 745138ba2e16949d302fe9f847f97ba088b64f057ddcf10edf5d343e323b08d1
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently flagged as benign, the sheer volume and the firing of the PDF_SEO_LINK_FARM heuristic suggest malicious intent, possibly SEO manipulation or the hosting of further malicious content. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.