Malicious PDF — malware analysis report

Static analysis result for SHA-256 caaec39390579395…

MALICIOUS

PDF

16.6 KB Created: 2019-04-29 23:33:22 +01:00 Authoring application: mPDF 5.7
MD5: e63b8949c58e5d9a5dcf94a04b7a4907 SHA-1: c2690baff0d500b742f755a8e23dc7de77112189 SHA-256: caaec3939057939511af1052c0b0193d09a9c60872c0ffd027fed8455e0111e6
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links, indicative of a link farm or a method to distribute further malicious content. The embedded URLs, while currently marked as benign, are part of a pattern often used to redirect users to malicious sites or download further payloads. The primary attack pattern observed is the use of a PDF document to host and distribute links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9913

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/3095097094093097/Midnight-Rising-Midnight-Breed-4-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/2094098099093093/Tempted-by-Midnight-Midnight-Breed-12-5-1001-Dark-Nights-9-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/2090098093098094/Midnight-Breed-Trilogy-Midnight-Breed-1-3-amp-8-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/3093097097094/Midnight-Awakening-Midnight-Breed-3-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/1097092094092093/Midnight-Awakening-Midnight-Breed-3-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/1093093096090099/A-Touch-of-Midnight-Midnight-Breed-0-5-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/4090099095091094/Midnight-Awakening-Midnight-Breed-3-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/4090096091099096/Shades-of-Midnight-Midnight-Breed-7-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/3097096093095097/A-Touch-of-Midnight-Midnight-Breed-0-5-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/3099090092093094/Deeper-Than-Midnight-Midnight-Breed-9-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/3094095098099/Ashes-of-Midnight-Midnight-Breed-6-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/3093099096090090/Darker-After-Midnight-Midnight-Breed-10-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/3094099097094/Taken-by-Midnight-Midnight-Breed-8-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/2091093091093091/Taken-by-Midnight-Midnight-Breed-8-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/2097099095092098/Claimed-in-Shadows-Midnight-Breed-15-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/2091099098093092/The-Midnight-Breed-Series-Companion-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/1097092094092097/Kiss-of-Crimson-Midnight-Breed-2-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/4093095091090092/Edge-of-Dawn-Midnight-Breed-11-by-Lara-Adrian.pdf
    • http://loaminoo.linkpc.net/4094094091097099/The-Dark-Warrior-Series-The-Complete-Collection-Contains-Midnight-s-Master-Midnight-s-Lover-Midnight-s-Seduction-Midnight-s-Warrior-Midnight-s-Kiss-Surrender-novella-Dark-Warriors-by-Donna-Grant.pdf
    • http://loaminoo.linkpc.net/3091093099093092/The-Half-Breed-Vampire-Sons-of-Midnight-3-by-Theresa-Meyers.pdf
    • http://loaminoo.linkpc.net/3093099096090090/Darker-After-Mi

Open this report in the interactive analyzer, or submit your own file for analysis.