Malicious PDF — malware analysis report

Static analysis result for SHA-256 deafeaab3d61ea28…

MALICIOUS

PDF

Size: 16.3 KB
Created: 2019-05-03 17:54:05 +01:00
Authoring application: mPDF 5.7
MD5: 1c7a6284393f33af6ca99de853f4dd13
SHA-1: 1df9318b0f7e49bdd64449e0f80682ef21edf09d
SHA-256: deafeaab3d61ea283f48e6aceffe4de24b8eaec98a128b5a27120d082e79d7b2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links, indicating a link farm or redirection scheme. The heuristic PDF_SEO_LINK_FARM specifically identifies this pattern, suggesting the document is designed to lure users to external sites. While the URLs themselves are currently marked as benign, the sheer volume and the nature of the heuristic firing strongly suggest a malicious intent, likely related to phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.