Malicious PDF — malware analysis report

Static analysis result for SHA-256 dc97398602d65b26…

MALICIOUS

PDF

14.4 KB
Created: 2019-04-30 03:43:12 +01:00
Authoring application: mPDF 5.7
MD5: ebdd2f5b40f612cf9a85519aa51060a8
SHA-1: 5a7b02209d5a2b3ebee1e9cc8e2fc98f23f444cc
SHA-256: dc97398602d65b26c45b271ba0a52edccaa960b72ca66c7872c107e781269e48
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious Link

The PDF contains a large number of embedded URLs, identified as a link farm by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious with high confidence. The embedded URLs, such as http://loaminoo.linkpc.net/1092094096092/The-Negotiator-O-Malley-1-by-Dee-Henderson.pdf, are likely used to direct users to malicious content or phishing pages.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.