Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0260e4676512487…

MALICIOUS

PDF

16.0 KB
Created: 2019-04-30 06:12:52 +01:00
Authoring application: mPDF 5.7
MD5: f90ad2dd65d25966606d81da2558decb
SHA-1: f29701296811e1d98ca63ef0a294a7c3072a6c85
SHA-256: f0260e467651248790af443e6f32401b909f4c400900195ebb3510abde5a905c
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While many of these links point to documents that appear benign, the sheer volume and the ML classifier's high confidence score suggest malicious intent, likely SEO spam or distribution of further malware. No scripts were extracted from this sample, which limits the ability to determine specific execution behaviors.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9898

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.