Malicious PDF — malware analysis report

Static analysis result for SHA-256 f1e326028d23fa7a…

MALICIOUS

PDF

Size: 15.1 KB
Created: 2019-04-30 19:13:31 +01:00
Authoring application: mPDF 5.7
MD5: b234905753813641ff2690d7abf9a82a
SHA-1: 3e0ac1c3070194f991a81a38b3e33f9528e9602c
SHA-256: f1e326028d23fa7af5d71c6c27dfd4b4425993136de1a08239eddf3a535e5821
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or SEO manipulation tactic. While the ML classifier flagged it as malicious, the specific intent beyond link distribution is unclear due to the lack of executable scripts or readable document body content. The URLs themselves are currently marked as confirmed benign, but the sheer volume and the heuristic firing indicate a suspicious pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.