Malicious PDF — malware analysis report

Static analysis result for SHA-256 b4ffcede2b2ea02c…

MALICIOUS

PDF

Size: 16.1 KB
Created: 2019-05-02 01:07:06 +01:00
Authoring application: mPDF 5.7
MD5: a2d855bc52667bd47e9c352b2dd779e1
SHA-1: f27e4f0a8abfbbb22183a1937fd7e1dce5d294b9
SHA-256: b4ffcede2b2ea02cafad1db22e736dcd38af5950756baeb6bf6ebfb1117a091a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded links, identified as a PDF link farm. These links, disguised as poetry books, likely serve to direct users to malicious content or phishing sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.