Malicious PDF — malware analysis report

Static analysis result for SHA-256 b0c3799880f8ef1a…

MALICIOUS

PDF

Size: 15.4 KB
Created: 2019-05-04 12:50:36 +01:00
Authoring application: mPDF 5.7
MD5: 62e92bd995c6793c2bd1a4a69d01f9f4
SHA-1: 5d02f1572b5e7d81ada28bd48c535748a1007469
SHA-256: b0c3799880f8ef1a310835dfbeeace03de8914b3260493df36eb6555c27b1e03
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various book titles hosted on the 'loaminoo.linkpc.net' domain. While the URLs themselves are marked as confirmed benign, the sheer volume and structure suggest a link farm or SEO spamming technique, which can be a precursor to malicious activity or used to artificially inflate search rankings. The document body was unreadable, limiting further analysis of its direct intent.

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.