Malicious PDF — malware analysis report

Static analysis result for SHA-256 aee5c90853727b9a…

Verdict: MALICIOUS
File type: PDF
Size: 15.2 KB
Created: 2019-05-07 04:05:27 +01:00
Authoring application: mPDF 5.7
MD5: 3f18ae029159d359c91ba6dbb4d5cd82
SHA-1: 119e87a26b289c4ebe84cf5f82c5658f4ff494a4
SHA-256: aee5c90853727b9a0b0903529a04dc4a8c4cf162dc29513dced4216fbd809c9f
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents hosted on a dynamic DNS domain. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The heuristic 'PDF_SEO_LINK_FARM' strongly suggests this is not a legitimate document. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.lin