Malicious PDF — malware analysis report

Static analysis result for SHA-256 fd3971f8b5aab6c7…

MALICIOUS

PDF

Size: 19.1 KB
Created: 2019-04-30 02:57:02 +01:00
Authoring application: mPDF 5.7
MD5: c651378d22a27dc66835f5a65e1d0dca
SHA-1: 64414321a9a25cec8c48b353c31b77c4d2dcc035
SHA-256: fd3971f8b5aab6c7244d75770ed655379fa94cc290c8211e830afb3143b7b437
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged as malicious by a machine learning classifier and contains a large number of external links, characteristic of a link farm. The primary heuristic, "PDF_SEO_LINK_FARM", indicates that the document's purpose is to direct users to a multitude of other PDF files hosted on the suspicious domain "loaminoo.linkpc.net". No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9920

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.