Malicious PDF — malware analysis report

Static analysis result for SHA-256 b4f1bebc767fbb26…

MALICIOUS

PDF

15.4 KB Created: 2019-05-07 04:07:51 +01:00 Authoring application: mPDF 5.7
MD5: bfc677f712af137002736293a86f17ea SHA-1: 60d9ce7d4c3c9e374d0b2ba9519793bed6dc59c1 SHA-256: b4f1bebc767fbb266f76360929fe34f932d41f69271aef95ce7685c1e39e51be
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently classified as benign, the sheer volume and the heuristic 'PDF_SEO_LINK_FARM' strongly suggest a malicious intent, likely for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/1093096098094090/Miracles-of-The-Qur-an-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/2090093098095091/Allah-s-Miracles-in-the-Qur-an-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/1095098095096092/The-Miracle-in-the-Ant-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/8092094091099099/Some-Secrets-of-the-Quran-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/8092094090099092/The-Moral-Values-of-the-Quran-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/8092094091097093/Islam-Denounces-Terrorism-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/8092094093096099/Understanding-Islam---Quick-Grasp-of-Faith-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/1093096098097092/Darwinism-Refuted-How-the-Theory-of-Evolution-Breaks-Down-in-the-Light-of-Modern-Science-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/1094092090093097/The-Errors-of-the-National-Academy-of-Sciences-A-Reply-to-the-Booklet-Science-and-Creationism-by-Harun-Yahya.pdf
    • http://loaminoo.linkpc.net/4091095090093090/When-Life-Begins-by-Abu-Yahya.pdf
    • http://loaminoo.linkpc.net/8092094090093091/Turbines-Compressors-And-Fans-by-S-M-Yahya.pdf
    • http://loaminoo.linkpc.net/4093090098092093/The-Collar-and-the-Bracelet-by-Yahya-Taher-Abdullah.pdf
    • http://loaminoo.linkpc.net/1090090098090095099/Archipel-Indonesia-Kingdoms-of-the-Sea-by-Andi-F-Yahya.pdf
    • http://loaminoo.linkpc.net/8092094091096098/28-Arabic-Short-Stories-In-Arabic-Language-by-Hasan-Yahya.pdf
    • http://loaminoo.linkpc.net/4098093096092093/As-Often-As-Miracles-by-Clementine-von-Radics.pdf
    • http://loaminoo.linkpc.net/1093090093096/Miracles-by-Mary-Kirk.pdf
    • http://loaminoo.linkpc.net/1091094098096096091/How-It-Is-with-Miracles-by-Peter-Ohren.pdf
    • http://loaminoo.linkpc.net/2093090098093099/Expect-Miracles-by-Joe-Vitale.pdf
    • http://loaminoo.linkpc.net/7095096096098094/Les-Faiseurs-de-Miracles-by-G-rard-Majax.pdf
    • http://loaminoo.linkpc.net/4092099097095092/The-Age-of-Miracles-by-Karen-Thompson-Walker.pdf
    • http://loaminoo.linkpc.net/40910950900930

Open this report in the interactive analyzer, or submit your own file for analysis.