Malicious PDF — malware analysis report

Static analysis result for SHA-256 a78f7f6238dbc952…

MALICIOUS

PDF

13.8 KB Created: 2019-05-01 20:00:43 +01:00 Authoring application: mPDF 5.7
MD5: 75a8b32f495b4fe7ac4db7f92ba61ee1 SHA-1: 2cd8fa19363b331be86f7f6ed50c1e43e175ccd7 SHA-256: a78f7f6238dbc9528c7231a8bdf7bf042bbedf3ee9c9854205ea89866429bef1
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently flagged as benign, the sheer volume and the nature of the heuristic suggest a potential for malicious redirection or phishing. No scripts were extracted from this sample. The attack pattern is inferred from the link farm heuristic.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/1095097094093091/The-Speaking-Stone-of-Caradoc-by-Evadeen-Brickwood.pdf
    • http://loaminoo.linkpc.net/4099093093090/lizards-frogs-and-polliwogs-by-Douglas-Florian.pdf
    • http://loaminoo.linkpc.net/1090096092092091/Singing-Fire-Singing-Fire-1-by-T-L-Martin.pdf
    • http://loaminoo.linkpc.net/1091093098090098090/TERRALOG-Agamid-Lizards-of-Southern-Asia-Draconinae-2---Leiolepidinae-TERRALOG-7b-English-and-German-Edition-by-Ulrich-Manthey.pdf
    • http://loaminoo.linkpc.net/1098091092094094/Listen-for-the-Singing-by-Jean-Little.pdf
    • http://loaminoo.linkpc.net/5090092091098097/The-Singing-Sands-by-Josephine-Tey.pdf
    • http://loaminoo.linkpc.net/6093091096098/The-Singing-Whakapapa-by-C-K-Stead.pdf
    • http://loaminoo.linkpc.net/8090096098096/The-Singing-Wilderness-by-Sigurd-F-Olson.pdf
    • http://loaminoo.linkpc.net/1095094092096093/The-Singing-Bone-by-Beth-Hahn.pdf
    • http://loaminoo.linkpc.net/8095095098091095/SINGING-ON-TITANIC-by-Perry-Glasser.pdf
    • http://loaminoo.linkpc.net/1090096099094090/The-Earth-is-Singing-by-Vanessa-Curtis.pdf
    • http://loaminoo.linkpc.net/2091097098095095/All-the-Birds-Singing-by-Evie-Wyld.pdf
    • http://loaminoo.linkpc.net/1098092095098092/Singing-Other-Worlds-by-Scott-J-Robinson.pdf
    • http://loaminoo.linkpc.net/3099096090095/The-Grass-is-Singing-by-Doris-Lessing.pdf
    • http://loaminoo.linkpc.net/8098092090099/All-the-Birds-Singing-by-Evie-Wyld.pdf
    • http://loaminoo.linkpc.net/5095094092095093/Singing-Bird-by-Roisin-McAuley.pdf
    • http://loaminoo.linkpc.net/1096099094098091/Dead-Birds-Singing-by-Marc-Talbert.pdf
    • http://loaminoo.linkpc.net/5096096090094/A-Star-Curiously-Singing-by-Kerry-Nietz.pdf
    • http://loaminoo.linkpc.net/1098091091092097/The-Dragons-are-Singing-Tonight-by-Jack-Prelutsky.pdf
    • http://loaminoo.linkpc.net/4098099091091093/The-Morning-Comes-Singing-Home-2-by-Kristen-D-Randle.pdf
    • http://loaminoo.linkpc.net/8095095098091095/SINGING-ON-TITANIC-by-Perry-G

Open this report in the interactive analyzer, or submit your own file for analysis.