Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2a1f0fe8fbcd1b7…

MALICIOUS

PDF

Size: 15.7 KB
Created: 2019-04-30 17:35:54 +01:00
Authoring application: mPDF 5.7
MD5: a0577f76ceb9e89faeb8578c8de710a3
SHA-1: d0742295d25e29f854af81c86086a58db138d911
SHA-256: c2a1f0fe8fbcd1b704efc5171055aa2415fce59ae66c70d3220cc487627765ad
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malware. The ML classifier strongly indicated maliciousness. The primary heuristic identified a link farm hosted on loaminoo.linkpc.net, suggesting a distribution or redirection mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.