Malicious PDF — malware analysis report

Static analysis result for SHA-256 93db8808c507d7f5…

MALICIOUS

PDF

Size: 13.6 KB
Created: 2019-04-30 11:20:59 +01:00
Authoring application: mPDF 5.7
MD5: 901d8b37e0f2f5361ed8c2b9f4e5e52d
SHA-1: 0102eb2fb796c011a740c119db8c9bb7b0eeff5d
SHA-256: 93db8808c507d7f5d34679776d60e1ede7b86a2c6ab32f8670adfc337760b071
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The document body also contains these URLs, suggesting the primary purpose is to redirect users to a site that hosts these files. While the URLs themselves are currently classified as benign, the sheer volume and the nature of the heuristic suggest a malicious intent, possibly for SEO manipulation or as a distribution point for further malicious content. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.