Malicious PDF — malware analysis report

Static analysis result for SHA-256 8f4ea73103d6792a…

MALICIOUS

PDF

  • Size: 14.7 KB
  • Created: 2019-05-04 12:34:13 +01:00
  • Authoring application: mPDF 5.7
  • MD5: 2692e4510af7f3716e085aba2b3b62ec
  • SHA-1: 9ca2286dbfac5b41360313c2e1eb7dc22b5f3c28
  • SHA-256: 8f4ea73103d6792a2de398f172fd26e7a474e65cc084712345b36ef6ac506009
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume and the ML classifier's high confidence score suggest malicious intent, likely to direct users to phishing or malware download sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.