Malicious PDF — malware analysis report

Static analysis result for SHA-256 b0fa9a1f2eb275c2…

MALICIOUS

PDF

Size: 14.1 KB
Created: 2019-04-30 05:18:53 +01:00
Authoring application: mPDF 5.7
MD5: d3ed4adc1b1d490c035823bbe82a7364
SHA-1: 556d8d3415960794f07f66e8c160a948395c7e35
SHA-256: b0fa9a1f2eb275c2ce2cdfd9be32ff8229e5e53a6ed4c010ee220f514d500abd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume and structure suggest a malicious intent, possibly for SEO poisoning or to distribute further malware. The ML_NYX_PDF_MALICIOUS heuristic also flagged the file with high confidence. No scripts were extracted, and the document body was truncated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://loaminoo.linkpc.net/1096091091097094/A-for-Andromeda-by-Fred-Hoyle.pdf
    • http://loaminoo.linkpc.net/9099094093090/The-Black-Cloud-by-Fred-Hoyle.pdf
    • http://loaminoo.linkpc.net/3097094090092098/Andromeda-Stories-Vol-1-Andromeda-Stories-1-by-Keiko-Takemiya.pdf
    • http://loaminoo.linkpc.net/1092096099094091/Breakthrough-Breakthrough-1-by-Michael-C-Grumley.pdf
    • http://loaminoo.linkpc.net/1090090099093095095/The-Andromeda-Galaxy-and-Beyond-by-Robert-W-Stach.pdf
    • http://loaminoo.linkpc.net/9091091093092/Andromeda-Klein-by-Frank-Portman.pdf
    • http://loaminoo.linkpc.net/2092093094097093/According-To-Hoyle-by-Abigail-Roux.pdf
    • http://loaminoo.linkpc.net/1090098091090094/The-Six-The-Gateway-Chronicles-1-by-K-B-Hoyle.pdf
    • http://loaminoo.linkpc.net/1091098091094093092/When-the-Turaco-Calls-by-Gisela-Hoyle.pdf
    • http://loaminoo.linkpc.net/1091091095099091/Thirteen-Adam-Grant-1-by-Tom-Hoyle.pdf
    • http://loaminoo.linkpc.net/1092098094099097/The-White-Thread-The-Gateway-Chronicles-3-by-K-B-Hoyle.pdf
    • http://loaminoo.linkpc.net/2093093090093091/Adin-s-Adventure-How-to-Ruin-a-Rescue-Welcome-to-the-Program-2-by-Andromeda-Bliss.pdf
    • http://loaminoo.linkpc.net/1095099096097098/Andromeda-s-Fall-The-Prequel-Legion-Series-1-by-William-C-Dietz.pdf
    • http://loaminoo.linkpc.net/9099094092096092/The-Andromeda-Strain-by-Michael-Crichton-Summary-amp-Study-Guide-by-BookRags.pdf
    • http://loaminoo.linkpc.net/4094093099093091/Survival-in-Shanghai-The-Journals-of-Fred-Marcus-1939-49-by-Fred-Marcus.pdf
    • http://loaminoo.linkpc.net/4093090093094091/Breakthrough-by-Kris-Bryant.pdf
    • http://loaminoo.linkpc.net/6094090097093097/The-Collected-Sermons-of-Fred-B-Craddock-by-Fred-B-Craddock.pdf
    • http://loaminoo.linkpc.net/2099096093090098/Transformation-The-Breakthrough-by-Whitley-Strieber.pdf
    • http://loaminoo.linkpc.net/3092095092099094/Genesis-Breakthrough-0-5-by-Michael-C-Grumley.pdf
    • http://loaminoo.linkpc.net/8093098091091095/Our-Most-Effective-Breakthrough-Weapon-by-Mireille-Desrosiers.pdf
    • http://loaminoo.linkpc.net/2