Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba65c5cb93ce7b02…

MALICIOUS

PDF

Size: 15.3 KB
Created: 2019-04-30 04:49:23 +01:00
Authoring application: mPDF 5.7
MD5: ac64e3abcd07dccfc924121370f4a68d
SHA-1: 08ff6a5875c64ebf4314b080f31163d024964de9
SHA-256: ba65c5cb93ce7b026e49efce018e94dccd806b060c9ce63a151b0cb7d06171b0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file triggers a critical-severity link-farm heuristic because it contains numerous embedded URLs. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted, but the sheer volume of links suggests a phishing or malware distribution attempt. The primary attack pattern uses these links to redirect users to potentially harmful external sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.