Malicious PDF — malware analysis report

Static analysis result for SHA-256 c276608e4793bcb0…

MALICIOUS

PDF

Size: 15.7 KB
Created: 2019-04-30 17:53:14 +01:00
Authoring application: mPDF 5.7
MD5: e06f2be40bc642fdfe300a96fee4f75a
SHA-1: 8e046452559b6fefb160f9531487152235c899b8
SHA-256: c276608e4793bcb0fdf359e80dde831f401bd187c34f82c887bef32ac976fd90
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a domain that appears to be hosting a link farm, potentially for phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.