Malicious PDF — malware analysis report

Static analysis result for SHA-256 7edf6e8165e34f06…

MALICIOUS

PDF

Size: 15.4 KB
Created: 2019-04-30 18:57:30 +01:00
Authoring application: mPDF 5.7
MD5: 6f2b63a9f866ca93d3de56f01a345d8c
SHA-1: 2ddcf209679e1577b52b2e395573a632b4dfb01b
SHA-256: 7edf6e8165e34f064fee89a4cc40d116bad55c23470046f8609acae31aa26566
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily corrupted, the presence of numerous links suggests an attempt to manipulate search engine results or distribute malicious content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.