Malicious PDF — malware analysis report

Static analysis result for SHA-256 dcfdc6307b45d972…

MALICIOUS

PDF

14.9 KB
Created: 2019-05-02 01:30:43 +01:00
Authoring application: mPDF 5.7
MD5: e4abc03742491e7091ddeaa95e36d822
SHA-1: 497e061e108025082c3259d8deff7f3615da12c0
SHA-256: dcfdc6307b45d972c862c9ae7f94010b64ed557536dc250bbf811641eec2b9c8
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded URLs, many of which point to PDF files hosted on the same domain. This suggests a link farm or a method to distribute further malicious content. The primary attack pattern appears to be SEO manipulation or content distribution via a large number of external links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.