Malicious PDF — malware analysis report

Static analysis result for SHA-256 b9becf8d156e43af…

MALICIOUS

PDF

Size: 13.1 KB
Created: 2019-05-01 17:37:48 +01:00
Authoring application: mPDF 5.7
MD5: f25912b1c3c6e30b9168dcdff9014a1a
SHA-1: f4352f3908aca5de511461b1484422fe088c516e
SHA-256: b9becf8d156e43afa0e8bfaee42f03df5ba0903683a14b6174d959be489f3377
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs, many of which use numeric slugs and point to book titles. This is indicative of a link farm or SEO manipulation tactic. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the sheer volume of links and the heuristic that fired suggest malicious intent to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.