Malicious PDF — malware analysis report

Static analysis result for SHA-256 81c46d1220c131e5…

MALICIOUS

PDF

Size: 12.6 KB
Created: 2019-04-30 01:57:26 +01:00
Authoring application: mPDF 5.7
MD5: d257e43a036c27f69b7e2deb462a8fb5
SHA-1: 731db9be4c8c201bb80c2acf035092cd113c061a
SHA-256: 81c46d1220c131e5b4aaa910dcf14779ab9e03ce453111a08cd76eebad23e4fe
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded links pointing to external PDF files hosted on the domain 'loaminoo.linkpc.net'. The heuristic match indicates a link farm, likely intended to drive traffic or distribute further malicious content. The ML classifier also flagged the document as malicious, supporting this assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.