Malicious PDF — malware analysis report

Static analysis result for SHA-256 efd3e9a63490cb71…

MALICIOUS

PDF

14.8 KB Created: 2019-05-01 18:36:09 +01:00 Authoring application: mPDF 5.7
MD5: 2c0ac5fcead278daf004176dedc866f1 SHA-1: 23d199c78357fbdfa686a132ef27da49ad834b2a SHA-256: efd3e9a63490cb71ae27a1c824ec27e0f0ec6625161852a5ba960345a0508986
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a link farm. While the URLs themselves are currently marked as benign, the sheer volume and the heuristic firing of 'PDF_SEO_LINK_FARM' suggest a malicious intent, possibly for SEO poisoning or to redirect users to further malicious sites. The ML classifier also strongly indicated maliciousness. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/5093098095093097/The-Cowboy-s-Lady-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/3094097099098098/Nell-s-Cowboy-Heart-of-Texas-5-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/4092090097097098/Heart-of-Texas-Volume-3-Nell-s-Cowboy-amp-Lone-Star-Baby-Heart-of-Texas-5-6-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/2090090093094098/Heart-of-Texas-Vol-1-Lonesome-Cowboy-Texas-Two-Step-Heart-of-Texas-1-2-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/2090097094090/There-s-Something-about-Christmas-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/5092094099/If-Not-for-You-New-Beginnings-3-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/3099095090092092/Heartsong-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/1095098098092090/Thursdays-At-Eight-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/2090090092095095/Montana-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/7091093097/Any-Dream-Will-Do-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/3094094097099097/Montana-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/2090092090095/When-Christmas-Comes-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/4095090095093091/The-Matchmakers-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/5090092095092090/Turn-in-the-Road-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/7095099097094095/Three-Brides-No-Groom-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/1090095095091098090/Debbie-Macomber-A-Biography-by-Aileen-Wen.pdf
    • http://loaminoo.linkpc.net/2098095099090093/The-Inn-at-Rose-Harbor-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/2090092093090095/The-Inn-at-Rose-Harbor-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/2091097090094095/Sugar-and-Spice-by-Debbie-Macomber.pdf
    • http://loaminoo.linkpc.net/1098098090/Dashing-Through-the-Snow-by-Debbie-Macomber.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.