Malicious PDF — malware analysis report

Static analysis result for SHA-256 824ce11d16fda7bd…

MALICIOUS

PDF

File size: 21.7 KB
Created: 2019-05-01 19:49:42 +01:00
Authoring application: mPDF 5.7
MD5: 8a4d5899a573efa7817b0f7a23ff1692
SHA-1: 2886304dd7dcce02b9ef765a9f0160b921aca5b3
SHA-256: 824ce11d16fda7bdbd99f2192e415677417ec97443967523996f278035fe96e1
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents hosted on a dynamic DNS domain. This technique is commonly used for SEO poisoning to drive traffic to malicious sites or to distribute further malware. The document body is heavily obfuscated, preventing a clear understanding of its specific lure, but the heuristic firings strongly indicate a link farm strategy.

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.