Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0121dbb64e50579…

MALICIOUS

PDF

15.3 KB
Created: 2019-05-06 16:49:44 +01:00
Authoring application: mPDF 5.7
MD5: 88d8b2b473df486620d4cefd00e21317
SHA-1: f007f0edae8a24439cb69c6b4c1a799cb0f7e8b2
SHA-256: d0121dbb64e50579d3eee6c8b6874f4ad6087b3ea0b3f304e77dd9acbc99a76a
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, a technique often used for SEO manipulation or to redirect users to malicious content. While the document body is unreadable, the PDF_SEO_LINK_FARM heuristic indicates a mass link farm. The embedded URLs, though many are marked benign, originate from a single domain, suggesting a coordinated effort. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.