Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebe435996aca0948…

MALICIOUS

PDF

Size: 22.2 KB
Created: 2019-05-01 18:37:09 +01:00
Authoring application: mPDF 5.7
First seen: 2019-06-27
MD5: f022f925a7716d0b493dca1f381ec92f
SHA-1: b8f076d488e1f6a2548c2ab32251f8e71112aadc
SHA-256: ebe435996aca094894c83747ba9fa142afd8affa392ef78d54abf57a6f5073a3
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files hosted on the loaminoo.linkpc.net domain. The link-farm heuristic, combined with the ML classifier's high confidence, suggests a link-farming or content-distribution scheme. The document body is heavily obfuscated, which prevents a clear understanding of its immediate purpose, but the link farm indicates a likely attempt to drive traffic or distribute further payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9903

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.