Malicious PDF — malware analysis report

Static analysis result for SHA-256 a6299e16a421f89d…

MALICIOUS

PDF

Size: 17.8 KB
Created: 2019-04-30 04:08:11 +01:00
Authoring application: mPDF 5.7
MD5: 7322ef720e357578be178b9a4c8b0f41
SHA-1: 27536360505cb06a84224c8d87e86cdf1a0cc677
SHA-256: a6299e16a421f89d98a5b179d2482a60bf0dface66f21ce1b2f2366385f706c5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents. The heuristic PDF_SEO_LINK_FARM indicates this is a link farm, likely intended to drive traffic or distribute malicious content. While the URLs themselves are currently marked as benign, the sheer volume and the use of a dynamic DNS domain suggest malicious intent to redirect users. No scripts were extracted, which limits further analysis of the payload.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.