Malicious PDF — malware analysis report

Static analysis result for SHA-256 97c37ba0b4ab7120…

MALICIOUS

PDF

27.8 KB Created: 2019-05-07 03:33:32 +01:00 Authoring application: mPDF 5.7
MD5: 22a565f885741c6a63ebd60fe9d8c17f SHA-1: 205c535ccf1e4f934c966cfa95360cb0807e13ee SHA-256: 97c37ba0b4ab712060d805b53b4f3362971d60fbf094200306f08cb9c5e743e8
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 User Execution: Malicious File

The PDF file contains a large number of embedded links to external PDF documents, hosted on the domain loaminoo.linkpc.net. This behavior is indicative of a link farm or a redirection scheme designed to lead users to potentially malicious content. The ML classifier also flagged this PDF with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9908

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/1094090094093095/Battle-Retrospect-And-Other-Poems-by-Amos-Niven-Wilder.pdf
    • http://loaminoo.linkpc.net/1091094096096093093/Joh-Amos-Commenii-orbis-sensualium-pictus-hoc-est-omnium-principalium-in-mundo-rerum-amp-in-vita-actionum-pictura-amp-nomenclatura-Joh-Amos-Commenius-s-visible-world-by-Johann-Amos-Comenius.pdf
    • http://loaminoo.linkpc.net/1091094096096094096/Joh-Amos-Commenii-Orbis-Sensualium-Pictus-Hoc-Est-Omnium-Principalium-in-Mundo-Rerum-Et-in-Vita-Actionum-Pictura-Et-Nomenclatura-Joh-Amos-Commenius-s-Visible-World-or-a-Nomenclature-and-Pictures-of-All-the-Chief-Things-That-Are-in-the-World-and-by-Johann-Amos-Commenius.pdf
    • http://loaminoo.linkpc.net/4092095091095097/A-Wilder-Rose-Rose-Wilder-Lane-Laura-Ingalls-Wilder-and-Their-Little-Houses-by-Susan-Wittig-Albert.pdf
    • http://loaminoo.linkpc.net/1099092095093095/Old-English-Poems-Including-Beowulf-Battle-of-Brunanburh-Solomon-and-Saturn-Dream-of-the-Rood-Judith-Poem-Deor-Crist-Widsith-Finnesburg-Fragment-Wulf-and-Eadwacer-the-Wanderer-Poem-the-Seafarer-Poem-the-Wife-s-Lament-Rune-Poems-by-Hephaestus-Books.pdf
    • http://loaminoo.linkpc.net/6093094093090091/The-Diary-Of-Amos-Lee-4-Lights-Camera-Superstar-The-Diary-of-Amos-Lee-4-by-Adeline-Foo.pdf
    • http://loaminoo.linkpc.net/2092098098094095/Composition-in-Retrospect-by-John-Cage.pdf
    • http://loaminoo.linkpc.net/3098093091095095/Murder-in-Retrospect-by-Agatha-Christie.pdf
    • http://loaminoo.linkpc.net/7097092099092096/A-Retrospect-of-the-Autumn-Manoeuvres-With-Five-Plans-by-Recluse.pdf
    • http://loaminoo.linkpc.net/5099094095098090/Compton-In-Retrospect-1880-1950-by-Marcel-Bellavance.pdf
    • http://loaminoo.linkpc.net/7091097092091/Bridget-Wilder-Spy-in-Training-Bridget-Wilder-Series-by-Jonathan-Bernstein.pdf
    • http://loaminoo.linkpc.net/9095093093093095/Feminist-Research-Prospect-and-Retrospect-by-Peta-Tancred-Sheriff.pdf
    • http://loaminoo.linkpc.net/6099099090093097/Mein-Kampf-Vol-1-A-Retrospect-Vol-2-The-National-Socialist-Movement-by-Adolf-Hitler.pdf
    • http://loaminoo.linkpc.net/1093098091097099/West-from-Home-Letters-of-Laura-Ingalls-Wilder-San-Francisco-1915-Little-House-11-by-Laura-Ingalls-Wilder.pdf
    • http://loaminoo.linkpc.net/1096099094095099/A-Little-House-Traveler-Writings-from-Laura-Ingalls-Wilder-s-Journeys-Across-America-by-Laura-Ingalls-Wilder.pdf
    • http://loaminoo.linkpc.net/1090099099099090099/Battle-Gate---Die-Legenden-der-Festung-zwischen-den-Sph-ren-2-1-Bl-ten-des-Kaiserreiches-Battle-Gate-Staffel-2-by-Wotan-Winterschmied.pdf
    • http://loaminoo.linkpc.net/3098095095094095/The-Laura-Ingalls-Wilder-Country-Cookbook-by-Laura-Ingalls-Wilder.pdf
    • http://loaminoo.linkpc.net/1090099099099091093/Battle-Gate-III-Teil-2-Die-R-ckkehr-der-Weltenwanderer-Battle-Gate-Staffel-3-by-Wotan-Winterschmied.pdf
    • http://loaminoo.linkpc.net/2095090094091/Arm-by-Larry-Niven.pdf
    • http://loaminoo.linkpc.net/5097096098096/My-Michael-by-Amos-Oz.pdf
    • http://loaminoo.linkpc.net/409209509109

Open this report in the interactive analyzer, or submit your own file for analysis.