Malicious PDF — malware analysis report

Static analysis result for SHA-256 013f7522b1b4cfcb…

MALICIOUS

PDF

Size: 35.1 KB
Created: 2019-09-18 16:46:30 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 9.5.5 (Windows))
MD5: 695d50969f20b0efc643b82eeb0d9281
SHA-1: 2da242b8270056a80ba1d544b8b2675d2fe18bbf
SHA-256: 013f7522b1b4cfcb0845b1ad7b739f0cf15a7f59b3b6b6c0d55138adefeebdf5
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of embedded links to external websites, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. Although no scripts were extracted, the sheer volume of outbound links suggests malicious intent, possibly to distribute further malware or to engage in SEO abuse.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8255

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.