Malicious PDF — malware analysis report

Static analysis result for SHA-256 da5b55107ed10d07…

MALICIOUS

PDF

Size: 12.5 KB
Created: 2019-04-29 23:22:26 +01:00
Authoring application: mPDF 5.7
MD5: a292ccd22788299fe6fe9ef9925d5973
SHA-1: 8da04295798d98b034a1f99fc51d15ef66fba7ca
SHA-256: da5b55107ed10d07bf0cf272365609be57a6ca0ced1af6612201f1fdb9690b44
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a link farm with numerous URLs pointing to external PDF files, likely intended to deceive users into downloading potentially malicious content. The heuristic 'PDF_SEO_LINK_FARM' directly indicates this behavior. No scripts were extracted from this sample, and the document body primarily consists of these URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc