Malicious PDF — malware analysis report

Static analysis result for SHA-256 dd80bba035faf863…

MALICIOUS

PDF

Size: 14.6 KB
Created: 2019-04-30 04:37:29 +01:00
Authoring application: mPDF 5.7
MD5: d2e8cdefc8d257ab36472b2bc2a3c1a9
SHA-1: 7053aedb8c824ec9b77c7e0a796ac5afa7eb145d
SHA-256: dd80bba035faf863338781eb025b684245bb4e51e2cb93e9db2a28542a2905bf
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, characteristic of a link farm designed to drive traffic. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.