Malicious PDF — malware analysis report

Static analysis result for SHA-256 9af108fa2d2ea29f…

MALICIOUS

PDF

Size: 15.0 KB
Created: 2019-05-02 06:17:00 +01:00
Authoring application: mPDF 5.7
MD5: af697fe46886a1c85cfdd5733bc20812
SHA-1: 3e288f4035f938f652304552fb3e5022f3e4e557
SHA-256: 9af108fa2d2ea29f79378cc960e4dd2eba40d95d96b52abd47ba4b91b92499c2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the individual URLs are currently marked as benign, the sheer volume and the nature of the heuristic suggest a malicious intent to direct users to external content. The ML classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.