Malicious PDF — malware analysis report

Static analysis result for SHA-256 d1ea5c3d9c858cdb…

MALICIOUS

PDF

17.3 KB Created: 2019-05-01 17:48:57 +01:00 Authoring application: mPDF 5.7
MD5: c5a6409cb5a12f6d184fceb0051a4aa0 SHA-1: 799833977b8a936319aaedf4315937407952a0c3 SHA-256: d1ea5c3d9c858cdbe1d04ca37d69c98630b2da4f1ca54bebc4ce738b59eccfa4
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various book-related PDFs. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The embedded URLs, while marked as confirmed benign in this analysis, are part of a link farm designed to drive traffic, suggesting a potential SEO manipulation or traffic-generation scheme that could be used for malicious purposes. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9925

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/1094093093091099/The-Ender-s-Shadow-Series-Box-Set-Shadow-1-4-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/5094095097097092/Ender-s-Shadow-Shadow-1-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/4092094096097092/Ender-s-Shadow-Shadow-1-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/1093093095097094/Orson-Scott-Card-Series-Reading-Order-amp-Checklist-Series-List-in-Order---Ender-Series-Formic-War-Series-Shadow-Series-Ender-Series-amp-Tales-of-Alvin-Maker-Series-Listabook-Series-Order-Book-15-by-Listabook.pdf
    • http://loaminoo.linkpc.net/1091095091092098093/Ender-s-Shadow-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/3095093091098/Shadow-Puppets-The-Shadow-Series-3-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/4096097097095/First-Meetings-in-Ender-s-Universe-Ender-s-Saga-0-5-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/6090093095091095/Ender-s-Game-Ender-s-Saga-1-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/6096098096095/Ender-s-Game-Ender-s-Saga-1-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/1093096090092099/The-Ender-Quartet-Box-Set-The-Ender-Quintet-1-4-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/2092098096099091/Beyond-Ender-s-Game-Speaker-for-the-Dead-Xenocide-Children-of-the-Mind-Ender-s-Saga-2-4-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/2092098097092094/Ender-s-War-The-Ender-Quintet-1-2-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/2094099093098/Xenocide-Ender-s-Saga-3-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/5094095097097097/Xenocide-Ender-s-Saga-3-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/6097092096094094/Hijos-de-la-mente-Ender-s-Saga-4-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/4090091096095095/Speaker-for-the-Dead-Ender-s-Saga-2-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/2092098097095094/The-Ender-Wiggin-Saga-Ender-s-Saga-1-3-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/4096091099096/Treason-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/2093090091097092/Empire-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/6091093090096/Wyrms-by-Orson-Scott-Card.pdf
    • http://loaminoo.linkpc.net/6090093095091095/Ender-s-Game-End

Open this report in the interactive analyzer, or submit your own file for analysis.