Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ae2339b6cbb8d36…

MALICIOUS

PDF

Size: 13.3 KB
Created: 2019-04-30 05:46:22 +01:00
Authoring application: mPDF 5.7
MD5: 4368175895718ab5cac850df2419332b
SHA-1: 5606f52698814fd8c74a716a90d8781de265ec7e
SHA-256: 9ae2339b6cbb8d36f7ff69afce29017eca7f667cb1f4395657e460b5921f89cf
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs, many of which are structured with numeric slugs, indicating a potential SEO link farm or content-spinning operation. The heuristic 'PDF_SEO_LINK_FARM' confirms this, identifying a mass external PDF link farm. No scripts were extracted from this sample, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.