Malicious PDF — malware analysis report

Static analysis result for SHA-256 efe7bf09bc497e4f…

MALICIOUS

PDF

Size: 12.4 KB
Created: 2019-05-02 22:43:35 +01:00
Authoring application: mPDF 5.7
MD5: cf801d4f049f97750e3e19e5cddbaf28
SHA-1: 95c2d554c0ad6f4378c1a708347643d78cf149cb
SHA-256: efe7bf09bc497e4f37ca1ac4584c9ab970d13e7af42cd4e393323e3c3a82084e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files hosted on the 'loaminoo.linkpc.net' domain. This is indicative of a link farm or SEO poisoning tactic, potentially used to distribute malware or phish for credentials. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.