Malicious PDF — malware analysis report

Static analysis result for SHA-256 b241e05f6b856f61…

MALICIOUS

PDF

13.7 KB Created: 2019-05-02 04:39:14 +01:00 Authoring application: mPDF 5.7
MD5: a7266d61c65975315933fe0ffd6d9184 SHA-1: 8cbcb8af2900dbffd11ffd62c74d6746b2bdd0f1 SHA-256: b241e05f6b856f610b824741aabe38217d50fa20b3d634d5cb07c30f990a7402
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or phishing attempt. The ML classifier also strongly indicated maliciousness. While no scripts were extracted, the sheer volume of links points to a delivery mechanism for malicious content or further exploitation. The URLs themselves appear to be benign, but their quantity and context within a malicious PDF are suspicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/3095091099/Lumberjack-A-Real-Man-1-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/4099093090091090/Virgin-A-Real-Man-2-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/3091099096092097/Experienced-A-Real-Man-4-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/7092096096093/His-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/1090098098094091095/The-Baby-Deal-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/1097094096099099/A-Mate-for-the-Savage-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/1098093095098096/Blurred-Lines-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/3099092094090092/One-Night-in-the-Outlaw-s-Bed-The-Grizzly-MC-3-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/4095095099091094/Kink-s-Way-The-Brothers-of-Menace-MC-2-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/3099098099097093/Owned-by-the-Outlaw-The-Grizzly-MC-6-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/7097091096091099/The-Wolf-s-Capture-Captured-1-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/7091095099092099/Carnal-Luecross-Wolves-3-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/6097096095099091/The-Picture-of-Dorian-Gray-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/3099092090096096/Nothin-But-Trouble-The-Grizzly-MC-4-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/4093096098091096/The-Outlaw-Stakes-His-Claim-The-Grizzly-MC-5-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/4095095097096091/The-Outlaw-s-Dirty-Dancer-The-Grizzly-MC-2-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/1098094096092091/A-Fox-Between-the-Bear-s-Sheets-Wylde-Bears-2-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/1098094096091099/Bared-for-Her-Bear-Wylde-Bears-1-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/4091097094091090/Being-with-the-Brothers-Next-Door-Wickedly-Taboo-4-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/4091097096096093/Taming-Her-Hybrid-Beast-Sweet-Water-6-by-Jenika-Snow.pdf
    • http://loaminoo.linkpc.net/3099092090096096/Nothin-But-Trouble-The-Grizzly-MC

Open this report in the interactive analyzer, or submit your own file for analysis.