Malicious PDF — malware analysis report

Static analysis result for SHA-256 93de1b8290307aa2…

MALICIOUS

PDF

39.3 KB Created: 2019-05-02 18:32:58 +01:00 Authoring application: mPDF 5.7
MD5: 0dd26fe1ffe6abbc0da6ea600396fcc6 SHA-1: e03cec50d7e925652397781b9526ad83688ed61f SHA-256: 93de1b8290307aa2843621eb80f419deb78e57b236b8f9a728669c84eef7a5dc
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links identified. The ML classifier also strongly indicated maliciousness. While the URLs themselves are currently marked as benign, the sheer volume and the nature of the heuristic suggest an intent to manipulate search results or redirect users to potentially harmful sites. No scripts were extracted, and the document body contained mostly binary garbage with embedded URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9894

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.