Malicious PDF — malware analysis report

Static analysis result for SHA-256 a97f9c16d1bccca2…

MALICIOUS

PDF

Size: 14.8 KB
Created: 2019-04-30 05:14:48 +01:00
Authoring application: mPDF 5.7
MD5: d882956a6f17d389fa096f31d4d34408
SHA-1: 7ec5fdee0205c16e8ea7c8ae6d26598324ce38ed
SHA-256: a97f9c16d1bccca24ccb29646f83863dcf94ee22160b08537c6199e7544ac330
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While most of the linked URLs were marked as confirmed benign, the sheer volume and structure suggest a link farm designed to direct users to potentially malicious content. The ML_NYX_PDF_MALICIOUS classifier also flagged this PDF with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.