Malicious PDF — malware analysis report

Static analysis result for SHA-256 da5295127f79fdee…

MALICIOUS

PDF

Size: 16.3 KB
Created: 2019-05-02 00:15:56 +01:00
Authoring application: mPDF 5.7
MD5: 5d9c5e3a9c8723e3fed3dd9b4e7da5f8
SHA-1: 610c91cec45d0c7145883cb7c365b5cd1d35704a
SHA-256: da5295127f79fdee33869c580f2b92eb57b22d722ea10095a8c923b5cc279cd7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded URLs, forming a link farm. The heuristic 'PDF_SEO_LINK_FARM' indicates that these links are likely intended to direct users to external websites, potentially for SEO manipulation or to host malicious content. No scripts were extracted from this sample, and the document body was heavily obfuscated, limiting further analysis of the specific lure. The primary attack pattern observed is the distribution of numerous external links.

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.