Malicious PDF — malware analysis report

Static analysis result for SHA-256 944899f5a1a5530b…

MALICIOUS

PDF

Size: 13.8 KB
Created: 2020-03-20 15:00:32 +00:00
Authoring application: mPDF 5.7
MD5: 650c2ae22e7d292adb7cbf89f8ef3b91
SHA-1: 5caa6b8fc9ec959280a26c28163021adede30aa6
SHA-256: 944899f5a1a5530b471fe8eacb76c4ed70f758b71ba435d3ee93db0e73fbe1dc
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded URLs pointing to external websites. The heuristic 'PDF_SEO_LINK_FARM' indicates this is a link farm, likely intended to drive traffic or host malicious content. The document body itself contains these URLs, suggesting the primary purpose is to redirect the user. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.