Malicious PDF — malware analysis report

Static analysis result for SHA-256 87019751ae847f55…

MALICIOUS

PDF

Size: 14.2 KB
Created: 2019-04-30 02:46:55 +01:00
Authoring application: mPDF 5.7
MD5: 864c19f551421fcff3ba76cebc02797a
SHA-1: 1a04d2e51c71b742053fb7edcce3cff794bd44d8
SHA-256: 87019751ae847f55e4b282b2d3ad8b0d1dc4acfbfc013cb1d927bb46e0b5a7a0
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents, identified as a link farm. The primary heuristic indicates this is a critical finding, suggesting the document is designed to direct users to a large collection of external resources. While no scripts were extracted, the sheer volume of links and their structure suggest a malicious intent, possibly for SEO spam or to distribute further malicious content.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.