Malicious PDF — malware analysis report

Static analysis result for SHA-256 adba771e143a94ed…

MALICIOUS

PDF

Size: 14.6 KB
Created: 2019-04-30 04:36:59 +01:00
Authoring application: mPDF 5.7
MD5: b8595f72682ec7f047ea43711681e4fa
SHA-1: b345bfd765ae5d949ea4c1282ab679dac2a974d3
SHA-256: adba771e143a94eddd4a4f639ae3ead6874da967d4d03c39060c8f608b53e80b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded links, many of which point to numeric slugs on the 'loaminoo.linkpc.net' domain. This behavior is consistent with a link farm or SEO manipulation tactic, potentially used to distribute malicious content or phish for credentials. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.