Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe4e0c8e35012657…

MALICIOUS

PDF

Size: 14.2 KB
Created: 2019-05-02 05:22:50 +01:00
Authoring application: mPDF 5.7
MD5: b3e4832d9467e930a3bb448848cfa721
SHA-1: 3658e4f66813900ad16988b0eb84552aca8150db
SHA-256: fe4e0c8e35012657eb9007908e8b732e0cedd34b7a324e4afb1166d09b0a007c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The PDF contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier strongly indicated maliciousness, and the PDF_SEO_LINK_FARM heuristic identified a mass external link farm. While the specific intent of the links is unclear as they are marked benign, the overall structure and heuristic firings suggest a malicious PDF designed to redirect users to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.