Malicious PDF — malware analysis report

Static analysis result for SHA-256 efdb6a02d91b3126…

MALICIOUS

PDF

Size: 17.8 KB
Created: 2019-04-30 07:55:23 +01:00
Authoring application: mPDF 5.7
MD5: 490abfcfd6d5bc8a985468a69cdf9b95 SHA-1: 32d609985fb1295ecfee1b5c04f1e7eda8c6d613 SHA-256: efdb6a02d91b3126a326545cb5f5fe088390991b2a8b4c0cc8c8aebafe514662
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on the 'loaminoo.linkpc.net' domain. While the URLs themselves are marked as benign, the sheer volume and structure suggest a link farm or SEO manipulation tactic rather than legitimate content distribution. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.