Malicious PDF — malware analysis report

Static analysis result for SHA-256 b0861ef2fed2ef24…

MALICIOUS

PDF

Size: 12.9 KB
Created: 2019-04-30 04:01:57 +01:00
Authoring application: mPDF 5.7
MD5: 653e1e101653c156fc4a8b2653675d7c
SHA-1: 10c5a177f332ee7ba12a7dbbf1e77bc32f61cbc0
SHA-256: b0861ef2fed2ef242022c5f5b8dd38447d4293ba371bd1c2531a610d350ca2f5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded URLs, all pointing to the same domain 'xiixmcuin.linkpc.net'. This domain is associated with a PDF link farm, a common tactic for SEO manipulation or distributing malicious content. The heuristic 'PDF_SEO_LINK_FARM' confirms this behavior. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.