Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc4830b8251aeeb1…

MALICIOUS

PDF

12.4 KB Created: 2019-04-29 23:29:19 +01:00 Authoring application: mPDF 5.7
MD5: 99b02c289c10324e6452985498f5e902 SHA-1: f1a9928d7d199e9990d36e9ae00330a977772a6f SHA-256: fc4830b8251aeeb1a45359865bcfba7b8d51a4f17fe2f4e1f00b263c2b094b11
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a heuristic firing for a link farm, embedding numerous external links. While the specific intent of these links is not fully clear due to the 'confirmed_benign' label on many, the sheer volume and the 'PDF_SEO_LINK_FARM' rule suggest a malicious attempt to distribute malicious content or conduct phishing. No scripts were extracted from this sample. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8780

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://loaminoo.linkpc.net/9096094093099090/Die-T-r-Gedichte-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/1091099095091094095/Cat-s-Eye-Paperback-15-Feb-1990-by-Margaret-Atwood-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/9095097098098094/Erotica-Women-s-Writing-from-Sappho-to-Margaret-Atwood-by-Margaret-Reynolds.pdf
    • http://loaminoo.linkpc.net/3093090095091/Cat-s-Eye-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/6098091096096095/Cat-s-Eye-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/7096090093091/Surfacing-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/2097093098095098/The-Penelopiad-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/9094093096096/Life-Before-Man-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/2090095090098098/Hag-Seed-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/3092094090094096/Surfacing-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/3091098096099093/MaddAddam-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/4099098095099094/Up-in-the-Tree-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/4091091095094092/The-Heart-Goes-Last-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/1095095096098095/The-Heart-Goes-Last-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/1097099092096093/I-m-Starved-For-You-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/5092098094095/The-Handmaid-s-Tale-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/1099090094091097/The-Handmaid-s-Tale-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/7093096093098/The-Robber-Bride-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/1097093095094099/The-Robber-Bride-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/4090092096094092/The-Handmaid-s-Tale-by-Margaret-Atwood.pdf
    • http://loaminoo.linkpc.net/4099098095099094/Up-in-the-Tree-by-

Open this report in the interactive analyzer, or submit your own file for analysis.