Malicious PDF — malware analysis report

Static analysis result for SHA-256 829f97bd77145018…

MALICIOUS

PDF

Size: 12.6 KB
Created: 2019-05-02 02:47:45 +01:00
Authoring application: mPDF 5.7
MD5: 22493e11315d05c6006b787bd2e4944d
SHA-1: c538db5154342a03d217256424ae5f2106042efd
SHA-256: 829f97bd77145018f72f41437bd7d296d23a51d045370545754c594d8aeafd9e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, which suggests a link farm or distribution mechanism. The primary heuristic is PDF_SEO_LINK_FARM, with loaminoo.linkpc.net as the dominant link host. Although no scripts were extracted, the volume of links combined with the ML classification points towards malicious intent, most likely luring users to malicious content or abusing search-engine ranking.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.