Malicious PDF — malware analysis report

Static analysis result for SHA-256 0456823f62b6bca7…

MALICIOUS

PDF

Size: 32.8 KB
Created: 2020-03-13 01:10:53 +03:00
Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe Acrobat 8.0)
MD5: 278546a31140326367f238d00c346b63
SHA-1: 0014d5264832759fb2453abecb137caaf6afa383
SHA-256: 0456823f62b6bca77bc0a9f351516cbf3ae95374c42a1dc9edc9bf3f12290d13
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external websites, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation, phishing, or hosting of further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.