Malicious PDF — malware analysis report

Static analysis result for SHA-256 7f20f51589c0ad32…

MALICIOUS

PDF

Size: 13.7 KB
Created: 2019-04-30 03:30:06 +01:00
Authoring application: mPDF 5.7
MD5: 46e47cef27ceea0e1bde0175ea4d902c
SHA-1: f35263fecbf6a2b34874265b9bc8d5a7176f6acd
SHA-256: 7f20f51589c0ad32648c00a43f66f3b7faa4b3d929c2873956ad854b23468228
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on the 'loaminoo.linkpc.net' domain. While the individual linked PDFs are currently marked as benign, the sheer volume and structure suggest a link farm or traffic distribution scheme, which is a common tactic for distributing malware or phishing content. No scripts were extracted, and the document body was unreadable, limiting further analysis.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.