Malicious PDF — malware analysis report

Static analysis result for SHA-256 b17862adb744b57a…

MALICIOUS

PDF

Size: 9.6 KB
Created: 2019-04-30 04:44:32 +01:00
Authoring application: mPDF 5.7
MD5: 0f10cf2f326bdfd271a4ea1035c8d650
SHA-1: 648275e131ee4f8571b2247f87dbef3f3dc82401
SHA-256: b17862adb744b57a93f612244448e42efa3bd9d3fd9dc3eac0044e4ba328b7e5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, indicative of a link farm or a distribution mechanism for other content. The heuristic PDF_SEO_LINK_FARM specifically flags this behavior. While the URLs themselves are currently marked as benign, the sheer volume and the nature of the heuristic suggest a malicious intent, possibly for SEO manipulation or to serve as a landing page for further malicious activity. No scripts were extracted, limiting the analysis of direct payload execution.

Machine Learning

  • Nyx PDF Classifier: suspicious, score 0.4218

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.