Malicious PDF — malware analysis report

Static analysis result for SHA-256 9d35e2306d6aaf75…

MALICIOUS

PDF

Size: 13.9 KB
Created: 2019-04-30 05:38:48 +01:00
Authoring application: mPDF 5.7
MD5: 8c4b029b8c349ef88dcac77756334117
SHA-1: f715b0982f9464c8fc32a15c58f79ff0e4327147
SHA-256: 9d35e2306d6aaf75e0e4f77ebe1d89f293e75d10150994bdb8f0ffbe9ef75ce0
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external resources, as indicated by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are marked as benign, their sheer volume and structure suggest malicious intent, possibly SEO poisoning or use as a landing page for further exploitation. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.