Malicious PDF — malware analysis report

Static analysis result for SHA-256 c141cb6fbe7fb0ff…

MALICIOUS

PDF

Size: 15.4 KB
Created: 2019-04-29 22:58:10 +01:00
Authoring application: mPDF 5.7
MD5: c9b56367a366badfe2133c08c8cb2ba5
SHA-1: 7183e3018eb3ae83f5ef02b0342f238288048f72
SHA-256: c141cb6fbe7fb0ff88394caa2d23959850fd0c593723560b965bef1bd9cf35fd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded links, forming a link farm, with the dominant host being loaminoo.linkpc.net. This suggests an attempt to manipulate search engine results or distribute further malicious content through these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.