Malicious PDF — malware analysis report

Static analysis result for SHA-256 97c33fd210755485…

MALICIOUS

PDF

Size: 13.2 KB
Created: 2019-05-02 00:50:31 +01:00
Authoring application: mPDF 5.7
MD5: 99ec78c4964123e0c81762cd020761f0
SHA-1: 56f183dbf1fa0984d6f6affb016fecedce92c3f0
SHA-256: 97c33fd2107554850283da36e6b68d5828aca6b3951d10f32dd6830b6551f8bd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently marked as benign, the heuristic 'PDF_SEO_LINK_FARM' indicates a pattern often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be the distribution of a large number of links, potentially leading to further malicious sites or downloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.