Malicious PDF — malware analysis report

Static analysis result for SHA-256 f06d43fad31f600e…

MALICIOUS

PDF

Size: 12.5 KB
Created: 2019-05-06 16:34:29 +01:00
Authoring application: mPDF 5.7
MD5: a250f4be8d289e7ab6d882ee6c322ad2
SHA-1: 769b38bca3a90a2ca756d1e68712f72249cdeea0
SHA-256: f06d43fad31f600e3f36de303637516399ef0f3f1f9a4df3c1ababdfa5df65f1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, flagged by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or distribution mechanism. The ML classifier also flagged the document as malicious. Although no scripts were extracted, the sheer volume of links points to malicious intent, likely to redirect users to potentially harmful sites or to manipulate SEO. The document body contains obfuscated data and repeated URLs, reinforcing the link farm hypothesis.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.ne