Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee13446f08c9cad8…

MALICIOUS

PDF

Size: 14.1 KB
Created: 2019-05-01 12:02:14 +01:00
Authoring application: mPDF 5.7
MD5: 82d7f94460af1eb5ad11f0db486156b2
SHA-1: 4753c8c516a9e8a22bf8123585a83d1a889d368e
SHA-256: ee13446f08c9cad83dfa22571bcdd8049510b3c1498c39c4a613bfa056a5dd0f
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which suggests a tactic to distribute malicious content or drive traffic to potentially harmful sites. The embedded URLs point to a domain that hosts numerous PDF files, likely as a lure or to obscure the true malicious intent. No scripts were extracted from this sample, limiting further analysis of its execution behavior.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.