Malicious PDF — malware analysis report

Static analysis result for SHA-256 ab00ec3ed78eb66b…

MALICIOUS

PDF

15.1 KB
Created: 2019-05-03 05:05:31 +01:00
Authoring application: mPDF 5.7
MD5: a79f2caaab54595c6b40460a28578a15
SHA-1: 690d7a34d7ab0235cd805393b1ea4ccfa4132551
SHA-256: ab00ec3ed78eb66b091a817ca0f06918fa94d1e8d97be7e2e3fbb5efabbddc7e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external resources, identified by the PDF_SEO_LINK_FARM heuristic. Although the specific URLs are currently flagged as benign, their sheer volume and structure suggest malicious intent, possibly SEO poisoning or redirection of users to malicious content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.