Malicious PDF — malware analysis report

Static analysis result for SHA-256 e80a4ad93cb7b21f…

MALICIOUS

PDF

Size: 13.8 KB
Created: 2019-04-30 12:05:52 +01:00
Authoring application: mPDF 5.7
MD5: 4425a59bd338d19f16efc45bfe41052b
SHA-1: 5e610d3b5fe8fb97c3b1fe499b7ae4efbf6af562
SHA-256: e80a4ad93cb7b21f82c227b5ad15de914865de4a42d9496b02ec19d2bf179410
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which point to various book titles hosted on loaminoo.linkpc.net. While the individual URLs are marked as confirmed benign, the sheer volume and pattern suggest a link farm intended to manipulate search engine results or drive traffic. No scripts were extracted from this sample. The attack pattern is therefore focused on the link farm behavior.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.