Malicious PDF — malware analysis report

Static analysis result for SHA-256 7e08b02d6b6cadb1…

MALICIOUS

PDF

  • Size: 13.4 KB
  • Created: 2019-04-30 08:21:03 +01:00
  • Authoring application: mPDF 5.7
  • MD5: 8773a2a8caf27063a5cef7d63d7eb463
  • SHA-1: ca94e254d07d131001bbb0cdff2303299d16022a
  • SHA-256: 7e08b02d6b6cadb1b634ba918db3bd17b1d96201fb6b3b67e6c0d02cdbc89876

Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external websites, identified as a link farm. Although the document body is heavily obfuscated, the heuristics that fired indicate malicious intent, likely to redirect users to potentially harmful content or to manipulate SEO. No scripts were extracted; the PDF structure itself facilitates the attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.