Malicious PDF — malware analysis report

Static analysis result for SHA-256 e83f21af5baf03db…

MALICIOUS

PDF

13.0 KB Created: 2019-04-30 05:36:45 +01:00 Authoring application: mPDF 5.7
MD5: b47a1377898e3a4563508f2372ecea51 SHA-1: 65bb5dad1d8a123596d299b8868a9e606e7682fe SHA-256: e83f21af5baf03dbfe3baf1016e712fe905c0fb156c9f942bbdb575281f915a9
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded links, such as http://loaminoo.linkpc.net/6093091098/Thousands-Dollar-4-by-Pepper-Winters.pdf, are likely used to direct users to malicious websites or for SEO spamming purposes. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/6093091098/Thousands-Dollar-4-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/2099097093098099/Pennies-Dollar-1-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/1099090091096091/Hundreds-Dollar-3-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/5090093090096091/Dollars-Dollar-2-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/4096093090090096/Hundreds-Dollar-3-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/2097092099092096/Destroyed-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/8099090093099/Second-Debt-Indebted-3-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/8098095095090/Third-Debt-Indebted-4-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/2096097093099098/The-Body-Painter-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/4091097092090/Debt-Inheritance-Indebted-1-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/3099095093099096/Debt-Inheritance-Indebted-1-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/2094099095/Sin-amp-Suffer-Pure-Corruption-MC-2-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/3093093094/Je-Suis-Toi-Monsters-in-the-Dark-3-5-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/3097095099090/Tears-of-Tess-Monsters-in-the-Dark-1-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/7099098092091097/Larmes-am-res-dition-Canada-Monsters-in-the-Dark-T1-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/8098095092090098/Crown-of-Lies-Truth-and-Lies-Duet-1-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/4091094090093091/Indebted-Series-1-3-Boxed-Set-Indebted-1-3-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/2090098096/Indebted-Epilogue-Indebted-6-5-by-Pepper-Winters.pdf
    • http://loaminoo.linkpc.net/1099097097099095/A-Dollar-Short-The-Bottom-Dollar-Series-Book-2-by-Karin-Gillespie.pdf
    • http://loaminoo.linkpc.net/1090097095097092/Pepper-s-Romp-Around-Town-Pepper-Princess-and-Petey-1-by-Margaux-Sky.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.