Malicious PDF — malware analysis report

Static analysis result for SHA-256 db236a1875c2da69…

MALICIOUS

PDF

Size: 17.2 KB
Created: 2019-05-04 13:36:28 +01:00
Authoring application: mPDF 5.7
MD5: 67801ec0bfbf98f3584f6d465670d273
SHA-1: 8bdd05804d9787da718f32b0fd5168cec9ac124d
SHA-256: db236a1875c2da691443928293646e12818e844e56cea982930fc888c433743e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These links point to external websites, suggesting a tactic to drive traffic or distribute malicious content. While the URLs themselves are currently marked as benign, the sheer volume and the heuristic firing indicate a suspicious pattern. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.