Malicious PDF — malware analysis report

Static analysis result for SHA-256 8fb83bdff155a639…

MALICIOUS

PDF

Size: 15.5 KB
Created: 2019-05-07 03:39:17 +01:00
Authoring application: mPDF 5.7
MD5: cdaaf8e2122ac9c2d110117be2d6cebb
SHA-1: cdddd768957a32f69742ca12dbf2aa7da2a185d9
SHA-256: 8fb83bdff155a639c282204333b9772bbafaa37ee0edd8c063294a154cda39a9
90 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF document was flagged as malicious by a machine learning classifier. Static analysis revealed a large number of embedded URLs, many of them built from a numeric slug followed by a book title, which suggests a link farm or SEO poisoning tactic. The primary attack pattern uses these numerous links to potentially redirect users to malicious sites or phishing pages.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.