Malicious PDF — malware analysis report

Static analysis result for SHA-256 f370d4ee7f29919a…

MALICIOUS

PDF

Size: 12.0 KB
Created: 2019-05-02 21:08:48 +01:00
Authoring application: mPDF 5.7
MD5: a2076f604236cb90cb8e867474b8bae8
SHA-1: dea450c71d9e3d012dc6a325f91374fb72c3c8fc
SHA-256: f370d4ee7f29919a4345f951643f770da41b1b75f073d66cb564ebfb173a1a9f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1190 Exploit Public-Facing Application

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files hosted on loaminoo.linkpc.net. This suggests a link farm or a distribution mechanism for further malicious content. The primary attack pattern appears to be the use of a PDF document to host and distribute links, potentially leading to drive-by downloads or phishing attempts.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8737

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.