Malicious PDF — malware analysis report

Static analysis result for SHA-256 7ac040e51e206c4a…

MALICIOUS

PDF

17.4 KB
Created: 2019-04-30 05:32:35 +01:00
Authoring application: mPDF 5.7
MD5: 56de0d940b541235f0276d0c9f5e1994
SHA-1: 42a0eef4b8987e035028211f2712ee0968386460
SHA-256: 7ac040e51e206c4a8b6ac20b6156e6fe150c5727c327695cb50cf7615967abf1
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the specific URLs appear benign, the sheer volume and the heuristic's name suggest a link farm or phishing attempt. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.