Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa213128dc4bba96…

MALICIOUS

PDF

File size: 15.3 KB
Created: 2019-05-02 02:35:27 +01:00
Authoring application: mPDF 5.7
MD5: 0fbd963a948c8775f903ea992b419015
SHA-1: 55232000244709bb7bbf477e231a3b2a1cbce47a
SHA-256: fa213128dc4bba96186a1afd090fdfae82b37914593413a6e61d41256d0fdd5a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are marked as confirmed benign, their sheer volume and structure suggest malicious intent, likely SEO manipulation or use as a distribution point for other malicious content. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.