Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb3768b4f8b99d85…

MALICIOUS

PDF

  • Size: 16.4 KB
  • Created: 2019-05-02 01:24:39 +01:00
  • Authoring application: mPDF 5.7
  • MD5: f125be83070a1b6cfcd88ab5fd842607
  • SHA-1: c81b5f7fbe1cb2852d79996315c5f1c079382ae2
  • SHA-256: cb3768b4f8b99d8550fa41c13cfa97677fe5650ffd9437ca1a29058adf530cd7
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are currently marked as benign, the sheer volume and the nature of the heuristic suggest malicious intent, possibly SEO manipulation to distribute malware or phishing content. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.