Malicious PDF — malware analysis report

Static analysis result for SHA-256 74d3ca80639b4f80…

MALICIOUS

PDF

Size: 15.4 KB
Created: 2019-04-30 04:51:15 +01:00
Authoring application: mPDF 5.7
MD5: d8d04f5160cee8cf58ae2059f031e529
SHA-1: fc7ff68669a10b714122aa8d8d8d594844e881bf
SHA-256: 74d3ca80639b4f8064b788b959533b7e4c509207b8aefe9b831c4bc69b873621
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm. These URLs point to external PDF files, suggesting a traffic-driving or content-distribution scheme. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.