Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ba8e1a803fe66f2…

MALICIOUS

PDF

Size: 15.2 KB
Created: 2019-04-30 04:08:59 +01:00
Authoring application: mPDF 5.7
MD5: 962cbdc06f4a1e04b81c01e6eb5b2e94
SHA-1: fa174e16e98ebc57968f2b4ee1c4f0ad9e92e146
SHA-256: 9ba8e1a803fe66f26cadf36c81f667b35888393c1b0389a14a68535004062457
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, identified as a link farm. These URLs point to what appear to be book titles, but the sheer volume and the use of a dynamic DNS hostname suggest a potential SEO poisoning or phishing campaign. No scripts were extracted, and the document body was unreadable, limiting further analysis of the immediate intent beyond link distribution.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.