Malicious PDF — malware analysis report

Static analysis result for SHA-256 04f3a9521433df3f…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2019-03-18 07:29:59 +03:00
Authoring application: - (via Acrobat PDFWriter 3.02 for Windows NT)
MD5: a7f03c76f7d5a00117caffa4b02848b0
SHA-1: 4c704b60f336d71a9df79a3996e6fcee3d663c44
SHA-256: 04f3a9521433df3f56ab51e9366edde3bad7fdb3f908e7110655237875e8e646
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute further malicious content. The ML classifier also flagged the document as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.