Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e8ba29fa9cf5566…

MALICIOUS

PDF

17.3 KB Created: 2019-05-02 18:56:08 +01:00 Authoring application: mPDF 5.7
MD5: f838b325125cc74c59d80256c632d864 SHA-1: dcd8540b19e9a974e57e885c79ea663c706e25a9 SHA-256: 8e8ba29fa9cf5566c1a2f61c17fa10965f9995a6436ddc0448dc6fde02382718
90 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded links to external PDF files hosted on the same domain, suggesting a link farm or content distribution tactic. While no scripts were extracted, the PDF structure itself indicates a malicious intent to direct users to external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/1091093092094092098/A-Familiar-Face-by-Andrew-Biss.pdf
    • http://loaminoo.linkpc.net/1091093092095096091/The-Love-Bite-by-Andrew-Biss.pdf
    • http://loaminoo.linkpc.net/1091093092093098099/An-Honest-Mistake-by-Andrew-Biss.pdf
    • http://loaminoo.linkpc.net/9090099099098097/Biss-zum-Morgengrauen-Biss-in-alle-Ewigkeit-Twilight-1-1-75-by-Stephenie-Meyer.pdf
    • http://loaminoo.linkpc.net/1091093092094092096/Monologues-They-ll-Remember-You-By-80-Unique-and-Compelling-Monologues-That-Leave-a-Lasting-Impression-by-Andrew-Biss.pdf
    • http://loaminoo.linkpc.net/3099094095092099/Uncommon-Passion-Uncommon-2-by-Anne-Calhoun.pdf
    • http://loaminoo.linkpc.net/1097097094091096/Uncommon-Pleasure-Uncommon-1-by-Anne-Calhoun.pdf
    • http://loaminoo.linkpc.net/5091093091095094/Strange-Tales-II-by-Jody-LeHeup.pdf
    • http://loaminoo.linkpc.net/1098094093098098/Seven-Strange-and-Ghostly-Tales-by-Brian-Jacques.pdf
    • http://loaminoo.linkpc.net/5096096090094/A-Star-Curiously-Singing-by-Kerry-Nietz.pdf
    • http://loaminoo.linkpc.net/6099090091097099/Redshirt-Strange-amp-Unnatural-Tales-7-by-Kevin-L-O-39-Brien.pdf
    • http://loaminoo.linkpc.net/9095098095097093/Strange-Tales-of-Secret-Lives-by-Jeff-VanderMeer.pdf
    • http://loaminoo.linkpc.net/2096095093093093/Strange-Tales-From-The-Scriptorian-Vaults-by-Sammy-H-K-Smith.pdf
    • http://loaminoo.linkpc.net/3099098092098093/Wanderings-on-Darker-Shores-A-Collection-of-Strange-Tales-and-Poems-by-Cora-Pop.pdf
    • http://loaminoo.linkpc.net/2092097098092/Strange-But-True-America-Weird-Tales-from-All-50-States-by-John-Hafnor.pdf
    • http://loaminoo.linkpc.net/4092091098092092/Passing-Time-Nine-Short-Tales-of-the-Strange-and-Macabre-by-Ellie-Garratt.pdf
    • http://loaminoo.linkpc.net/1091092094098096095/Dead-Men-Do-Tell-Tales-The-Strange-and-Fascinating-Cases-of-a-Forensic-Anthropologist-by-William-R-Maples.pdf
    • http://loaminoo.linkpc.net/3094090094090/The-Strange-Case-of-Dr-Jekyll-and-Mr-Hyde-and-Other-Tales-of-Terror-by-Robert-Louis-Stevenson.pdf
    • http://loaminoo.linkpc.net/6099099094099092/Tales-of-Troy-and-Greece-by-Andrew-Lang.pdf
    • http://loaminoo.linkpc.net/1092091098097090/The-Spirit-of-Glassboro-amp-Other-Tales-of-Terror-by-Andrew-Kraus.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.