Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb98332943a15863…

MALICIOUS

PDF

Size: 13.5 KB
Created: 2019-05-01 18:23:02 +01:00
Authoring application: mPDF 5.7
MD5: 7f124ff8bc68cf4efc7bb2364ae3859e
SHA-1: 6d1c4b791899213dbbd39c827c6d3cbedd8669df
SHA-256: cb98332943a15863562c1b1a2787fcad7de5597f39c7b8a472dfb4931a06d1e2
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files. The heuristic PDF_SEO_LINK_FARM indicates this is a link farm designed to drive traffic. The URLs are hosted on a dynamic DNS domain, suggesting a low-reputation hosting environment. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the exact intent beyond link distribution.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.