Malicious PDF — malware analysis report

Static analysis result for SHA-256 f510798487b59160…

MALICIOUS

PDF

14.0 KB
Created: 2019-05-02 18:10:27 +01:00
Authoring application: mPDF 5.7
MD5: c0e2157f0bed6064539488ff5415cadc
SHA-1: c0a2f689bc0c87c73e1062db880ba4050722dee1
SHA-256: f510798487b591602e27e5da8943bc76d5b77995acddd567de15e2f2a07211f8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded external links, characteristic of a link farm or SEO manipulation tactic. While the URLs themselves are currently classified as benign, the sheer volume and the heuristic firing suggest a potential for distributing malicious content or for SEO abuse. No scripts were extracted, limiting further analysis of direct payload delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.