Malicious PDF — malware analysis report

Static analysis result for SHA-256 b170fa002497d494…

MALICIOUS

PDF

Size: 15.1 KB
Created: 2019-04-30 18:45:34 +01:00
Authoring application: mPDF 5.7
MD5: 7a38a4108c3f0a47269337fed17b4670
SHA-1: c0f440ce92e5be6e8653739332eae74f5bb87ff5
SHA-256: b170fa002497d494fb81c734fc866ac3485546d4315b88e457f170c16af72a7c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded links pointing to external PDF documents hosted on the domain 'loaminoo.linkpc.net'. This is indicative of a link farm or a mechanism to distribute further malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the immediate intent beyond the link farm.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.