Malicious PDF — malware analysis report

Static analysis result for SHA-256 8503ecd26cdd714c…

MALICIOUS

PDF

Size: 14.3 KB
Created: 2019-04-30 04:15:47 +01:00
Authoring application: mPDF 5.7
MD5: c13586cbf822c590b91edd8b93c4216b
SHA-1: 57ec64baba356ede1a4c94c08ee47be13a01c479
SHA-256: 8503ecd26cdd714c72950e8450f88ec1986eaf670aaa73d081ee07e3752cc0e1
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files. The heuristic 'PDF_SEO_LINK_FARM' indicates these links are likely part of an SEO manipulation scheme or a link farm designed to distribute malicious content. No scripts were extracted from this sample, and the document body was heavily obfuscated, preventing a deeper analysis of its specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9891)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.