Malicious PDF — malware analysis report

Static analysis result for SHA-256 b541b1046a582b3e…

MALICIOUS

PDF

Size: 13.6 KB
Created: 2019-05-01 17:04:00 +01:00
Authoring application: mPDF 5.7
MD5: dbc690c6e4929c5534b355b693d1c21d
SHA-1: 4e631dd68e0af981e5789d3d3deb141aebf37da0
SHA-256: b541b1046a582b3e7ad756bf0ace14b3ac2aefbe87415cfb6fb64a7782b55a0e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDFs hosted on the 'loaminoo.linkpc.net' domain. This heuristic hit, combined with the ML classifier score, strongly suggests malicious intent, likely related to SEO poisoning or distribution of further malware. No scripts were extracted from this sample, and the document body was heavily obfuscated, preventing a more detailed analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.