Malicious PDF — malware analysis report

Static analysis result for SHA-256 b02aa393a4ac87a8…

MALICIOUS

PDF

Size: 12.8 KB
Created: 2019-05-03 05:59:58 +01:00
Authoring application: mPDF 5.7
MD5: 0e00db574b910778f167257744044627
SHA-1: ce711dca4bd48928c57bb94a86e08ce7fc6210c7
SHA-256: b02aa393a4ac87a8941a1a8486322024046522801966e5ad1c6453471a5f4606
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files hosted on a dynamic DNS domain. This is indicative of a link farm or SEO poisoning attack, designed to drive traffic to malicious content or exploit search engine vulnerabilities. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.