Malicious PDF — malware analysis report

Static analysis result for SHA-256 c841b85801357c53…

MALICIOUS

PDF

File size: 13.2 KB
Created: 2019-04-30 09:33:00 +01:00
Authoring application: mPDF 5.7
MD5: 0ea3738e0ed157496aadfe8f16837042
SHA-1: 5d7e758f830bc3f1fd41903e4cd48004f7626318
SHA-256: c841b85801357c53e608fb7da95864f6211d08ffb78efb86e91925b8a54b7fe3
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of links to external PDF documents, hosted on the domain 'loaminoo.linkpc.net'. This behavior is indicative of a link farm or a redirection scheme designed to drive traffic to potentially malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.