Malicious PDF — malware analysis report

Static analysis result for SHA-256 93d8d2cd47fb0b6d…

MALICIOUS

PDF

Size: 15.3 KB
Created: 2019-04-30 02:39:46 +01:00
Authoring application: mPDF 5.7
MD5: 8f2ce31c584e2cdc60a2d45bcafaf08b
SHA-1: 0860218bab7afed2ebe7b6ac8bbb3d9df90c63cd
SHA-256: 93d8d2cd47fb0b6dc419de2eba3f28ecfb23582baa068198406112ee1d559a75
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume and the nature of the heuristic suggest malicious intent, likely SEO manipulation or redirection of users to malicious content. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.