Malicious PDF — malware analysis report

Static analysis result for SHA-256 00716f59f5b9d320…

MALICIOUS

PDF

File size: 44.5 KB
Created: 2018-11-30 20:09:09 +03:00
Authoring application: Data Dynamics ActiveReports (tm) for .NET
MD5: cdb80ca84c942ef70e446ab698af1a1f
SHA-1: c8d603124606470a334322d3d7267416a62112db
SHA-256: 00716f59f5b9d3202879a4329b2f3372cfb46c38ff423f6d43c0191d48dc749a
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: User Execution: Malicious File

The PDF document contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While no specific malicious script was extracted, the sheer volume of links to external domains suggests malicious intent, possibly SEO spam or redirection of users to phishing or malware distribution sites. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8738

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.