Malicious PDF — malware analysis report

Static analysis result for SHA-256 040606f94532c5ad…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2018-11-23 21:08:52 +03:00
Authoring application: QuarkXPress(R) 7.01
MD5: 8fbc5201e2463fdc6f98025ffc1b83e3
SHA-1: 674f84374d834b86e6430ea614ede93b829e1b2e
SHA-256: 040606f94532c5adda9dffdcbd825b9307b43648b61a70a5bddcd5d077c5339b
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

A link-farm heuristic fired on this PDF, indicating that it hosts numerous external links to PDF documents. The ML classifier also flagged the document as malicious. The embedded URLs suggest an attempt to redirect users to a large collection of documents, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.