Malicious PDF — malware analysis report

Static analysis result for SHA-256 f06c155902ece3d2…

MALICIOUS

PDF

Size: 12.7 KB
Created: 2019-05-04 14:22:18 +01:00
Authoring application: mPDF 5.7
MD5: 56128c4e9d4206c574b77af9c83d9014
SHA-1: d6548c7dde4104cd40d44f4918bbdec8bb36d82f
SHA-256: f06c155902ece3d28f03fe10d8334e6f941ca5cbe2621087beadc10f507a3b67
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF documents hosted on loaminoo.linkpc.net. While the individual linked PDFs are currently classified as benign, the sheer volume and structure suggest a potential attempt to manipulate search engine results or distribute content through a link farm. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the immediate intent.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.