Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca88dfb2efcf1e73…

MALICIOUS

PDF

17.7 KB
Created: 2019-05-03 05:05:15 +01:00
Authoring application: mPDF 5.7
MD5: b4016e76912722ee1a6612c6466f1dde
SHA-1: 98793fc9ab0282797c19a7e25499615b9badd9ad
SHA-256: ca88dfb2efcf1e73e091b1340ee23b9fb37e0b73ab8f2d943f02d3e6dbd6d9b5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a link farm. While the specific URLs extracted appear benign, the heuristic 'PDF_SEO_LINK_FARM' indicates a malicious intent to manipulate search engine results or distribute content through a large number of links. The ML classifier also strongly flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.