Malicious PDF — malware analysis report

Static analysis result for SHA-256 9afc9043a42a0d84…

Verdict: MALICIOUS

File type: PDF

Size: 14.5 KB
Created: 2019-04-30 05:37:57 +01:00
Authoring application: mPDF 5.7
MD5: 85d7e0b0d06047ef54faa7f89982ce30
SHA-1: dca5ea53505731475127cb5be2b92ed098ad01bd
SHA-256: 9afc9043a42a0d84ae956b4de587c074f78df95d1e38f20d6f24609765632221
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on loaminoo.linkpc.net. While the individual linked PDFs are marked as benign, the sheer volume and structure suggest a link farm or traffic redirection scheme, which is a common tactic for distributing malware or phishing content. No scripts were extracted, and the document body was unreadable, limiting further analysis.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.