Malicious PDF — malware analysis report

Static analysis result for SHA-256 e64c29339b7a43cb…

MALICIOUS

PDF

Size: 16.3 KB
Created: 2019-05-07 04:26:34 +01:00
Authoring application: mPDF 5.7
MD5: 920b03a2403e92c9edd5476736d4cc86
SHA-1: 2f883c3ada11678fd3e307b98e8039d4225d6900
SHA-256: e64c29339b7a43cbe43835f29edd5177acb120cd0d7008162368840b5e24b573
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a link farm with 22 external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The embedded URLs point to various book titles hosted on loaminoo.linkpc.net. While the URLs themselves are marked as benign, the sheer volume and nature of the links suggest a tactic to drive traffic or potentially host malicious content indirectly. No scripts were extracted from this sample.

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.