Malicious PDF — malware analysis report

Static analysis result for SHA-256 e69ab7a19239f5e3…

MALICIOUS

PDF

Size: 15.2 KB
Created: 2019-05-01 17:32:39 +01:00
Authoring application: mPDF 5.7
MD5: 220de7afc3616b506e819d340b49437c
SHA-1: e83a08d0c8896afcacaced64898786a0fae6e27f
SHA-256: e69ab7a19239f5e33c306e3f3cc74e22250584d71704e8345fbe4c5b09ae9b44
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on loaminoo.linkpc.net. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to direct users to external content, potentially for SEO manipulation or to host further malicious payloads.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9880

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.