Malicious PDF — malware analysis report

Static analysis result for SHA-256 c0ba5ec9a469b295…

MALICIOUS

PDF

16.6 KB
Created: 2019-05-02 06:59:27 +01:00
Authoring application: mPDF 5.7
MD5: d9e93925429356805546658847630490
SHA-1: d2152a32a101088803be9a269c773cdd36f44dd2
SHA-256: c0ba5ec9a469b29518e98e890e7cbd41d41c8d183332fe41912a8fb22e44f80f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or SEO manipulation tactic. While the document body is heavily obfuscated, the presence of numerous links to PDF files on the same domain indicates a coordinated effort to direct users to external content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.