Malicious PDF — malware analysis report

Static analysis result for SHA-256 8a4b67547297d342…

MALICIOUS

PDF

Size: 17.1 KB
Created: 2019-04-29 23:40:28 +01:00
Authoring application: mPDF 5.7
MD5: fbbd093b7ebc726f1eab77e45a3f9fee
SHA-1: 0dc351888493442ac0478ced6d1c3f612092f8c2
SHA-256: 8a4b67547297d3424bc448c1f2a922fe1dee25d0e30894915cbcdfb5da8d657d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, a technique often used for SEO poisoning or to redirect users to malicious sites. The document body was unreadable, and no scripts were extracted, but the heuristic 'PDF_SEO_LINK_FARM' strongly suggests the intent is to distribute or link to other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.