Malicious PDF — malware analysis report

Static analysis result for SHA-256 97067a141749b2ac…

MALICIOUS

PDF

Size: 16.2 KB
Created: 2019-05-01 19:20:42 +01:00
Authoring application: mPDF 5.7
MD5: 71fa4750159cd310192d6f047d7254b0
SHA-1: 848d16fb6008bcf24c60046232e2c250f2a87f2b
SHA-256: 97067a141749b2ac45b8465a26f244c5edc0b0db5485c2f5a43544a7cfc89acf
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute malware. ClamAV identified the file as Pdf.Dropper.Agent-7157406-0, indicating its role as a dropper. The embedded URLs, such as http://xiixmcuin.linkpc.net/4208207204200203/Adam-s-Task-Calling-Animals-by-Name-by-Vicki-Hearne.pdf, are likely used to host or redirect to malicious payloads.

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7157406-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7157406-0
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.