Malicious PDF — malware analysis report

Static analysis result for SHA-256 03262162821c1701…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2020-01-17 19:19:07 +03:00
Authoring application: - (via htmldoc 1.8.23 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)
MD5: 17f226c797ffc45c6d36e330a3e4951b
SHA-1: 058a4bf004af2739e4e0802333f3419f538e1a3b
SHA-256: 03262162821c1701f01ba557589869267eca83e3d6cb87bd80735046e85393a3
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as detected by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs suggest an attempt to manipulate search engine results or distribute additional malicious content, rather than a direct user-facing lure.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.