Malicious PDF — malware analysis report

Static analysis result for SHA-256 7e07b7502bc3e65c…

MALICIOUS

PDF

Size: 13.3 KB
Created: 2019-04-30 04:07:24 +01:00
Authoring application: mPDF 5.7
MD5: 97f9978cb9a7edee0397f249451358f5
SHA-1: 860f58ab29ad593efc156440ecd1e4a836be56b0
SHA-256: 7e07b7502bc3e65c9353ed6548501ea49790f243335684a25dfbde1f2a616a05
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded links. The heuristic 'PDF_SEO_LINK_FARM' indicates that the document is a link farm, likely designed to distribute malicious content or engage in SEO abuse. The embedded URLs, while currently classified as benign, are part of this suspicious structure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.