Malicious PDF — malware analysis report

Static analysis result for SHA-256 efd893bc09a53eb7…

MALICIOUS

PDF

Size: 14.1 KB
Created: 2019-04-30 04:20:52 +01:00
Authoring application: mPDF 5.7
MD5: 51d226ca03f1fb2444759afe8aebd0e8
SHA-1: 09c9568977ea249907b2a08f5dc46d185b2d5b95
SHA-256: efd893bc09a53eb7fd1c829cf1f4ab01ca7af657d637d800a8cf95ee4690971d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded links to external PDF documents hosted on the loaminoo.linkpc.net domain. The heuristic match suggests a link farm or a method of distributing further malicious content. While the URLs themselves are marked as benign, the sheer volume and the nature of the hosting domain indicate a suspicious pattern. No scripts were extracted, which limits the ability to determine a specific payload or further actions.

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.