Malicious PDF — malware analysis report

Static analysis result for SHA-256 c52e45fd0e3e2ceb…

MALICIOUS

PDF

Size: 17.3 KB
Created: 2019-05-02 02:00:07 +01:00
Authoring application: mPDF 5.7
MD5: f1f70e83f234a0e2d49f79f635b213ce
SHA-1: 1e6870aea6fb5a4178aec497acd2bff3e4ffe149
SHA-256: c52e45fd0e3e2ceb47def9ba4a990af4b0a44e024ac88fdeb15cc70e44a477f1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the specific URLs appear to be benign, their sheer volume and structure suggest malicious intent: manipulating search engine results or directing users to a malicious site through a link farm. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9925

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.