Malicious PDF — malware analysis report

Static analysis result for SHA-256 bb35d1666bd08fbe…

MALICIOUS

PDF

Size: 14.3 KB
Created: 2020-03-14 00:56:41 +00:00
Authoring application: mPDF 5.7
MD5: 8885a609aca1225d00df441ee53d146a
SHA-1: 47fa01e9ae6d37f93783bfcc91a9aa7e3f22a877
SHA-256: bb35d1666bd08fbe89ba05aacfba85ca37540bc017fa129c1926a1b1a1e7717f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF triggered the link-farm heuristic: it embeds numerous URLs pointing to external PDF files. The document body confirms the presence of these links, suggesting a lure to download further malicious content or engage in phishing. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.