Malicious PDF — malware analysis report

Static analysis result for SHA-256 9b1fca2fdc11d712…

MALICIOUS

PDF

Size: 14.5 KB
Created: 2019-05-01 19:02:46 +01:00
Authoring application: mPDF 5.7
MD5: 5e378b3bfd78637ea8303f5efb32d0f9
SHA-1: bebe2258247a4fa0c9c068043735ea2672587531
SHA-256: 9b1fca2fdc11d7124033b66df33be028a1e0f9d4e5fe6c9fad3254f7e7e4db4e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, flagged by the PDF_SEO_LINK_FARM heuristic. These URLs point to various PDF documents, suggesting a tactic to manipulate search engine results or distribute content. While the URLs themselves are marked as benign, their sheer volume and the nature of the heuristic indicate malicious intent, likely related to SEO spam or use as a lure for further malicious activity. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.