Malicious PDF — malware analysis report

Static analysis result for SHA-256 053e1cb467f93790…

Verdict: MALICIOUS
Type: PDF
Size: 42.1 KB
Created: 2018-11-26 20:03:15 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: d4b459ddb88509351a4d05ebd4ff6c32
SHA-1: 73c1250f2366c07f2ba184e556fe0ff9bf5c1658
SHA-256: 053e1cb467f937901af7ce5cd046a9a42f5f89a56b45f40780c6212f082bef9f
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries a large number of clickable external links (40 links, all on the single host www.gorillawalker.com, every one pointing at another .pdf), which the scanner classifies as a 'link farm'. This pattern is used for SEO manipulation and for routing readers into unwanted-software or malware download chains rather than for citing sources. A 'download button' call-to-action heuristic also fired, which on its own is weak but, combined with the link farm, indicates a document built to be clicked rather than read. No scripts were extracted, so the file itself carries no payload; the risk lies in the redirect chain behind the links, which may deliver further lures or downloads. The volume of same-host external links and the ML classification together indicate a high likelihood of malicious intent. The authoring-application string is attacker-controlled metadata and does not vouch for the file's origin.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal unless other findings point to a malicious workflow.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/ragged-edges-poems-from-the-margins.pdf
    • http://www.gorillawalker.com/supporting-children-in-their-home-school-and-community.pdf
    • http://www.gorillawalker.com/zac-efron-superstars.pdf
    • http://www.gorillawalker.com/tissue-culture-techniques-for-horticultural-crops.pdf
    • http://www.gorillawalker.com/big-cat-all-change-board-books.pdf
    • http://www.gorillawalker.com/ibm-s-360-and-early-370-systems-history-of-computing.pdf
    • http://www.gorillawalker.com/the-royal-tennis-court-a-history-of-tennis-at-hampton.pdf
    • http://www.gorillawalker.com/dragons-don-t-cry-fire-chronicles-volume-1.pdf
    • http://www.gorillawalker.com/the-problem-of-space-vehicle-descent-in-planetary-atmospheres-nasa.pdf
    • http://www.gorillawalker.com/hunger-a-gone-novel-kindle-edition.pdf
    • http://www.gorillawalker.com/cocina-esencial-de-m-xico-spanish-edition.pdf
    • http://www.gorillawalker.com/mobile-applications-and-knowledge-advancements-in-e-business.pdf
    • http://www.gorillawalker.com/stock-market-forecasting-the-mcwhirter-method-de-mystified.pdf
    • http://www.gorillawalker.com/ceylon.pdf
    • http://www.gorillawalker.com/atkins-diet-effective-strategies-to-lose-weight-on-the-atkins.pdf
    • http://www.gorillawalker.com/saxon-algebra-2-an-incremental-development-2nd-edition.pdf
    • http://www.gorillawalker.com/the-origins-of-federal-support-for-higher-education-george-w.pdf
    • http://www.gorillawalker.com/thug-a-licious.pdf
    • http://www.gorillawalker.com/rob-roy-oxford-world-s-classics.pdf
    • http://www.gorillawalker.com/manhattan-gmat-verbal-strategy-guide-set-4th-edition-manhattan-gmat.pdf
    • http://www.gorillawalker.com/the-new-cognitive-neurosciences-second-edition.pdf
    • http://www.gorillawalker.com/tornado-watch-number-211.pdf
    • http://www.gorillawalker.com/efficacy-of-assistive-technology-interventions-advances-in-special-education-technology.pdf
    • http://www.gorillawalker.com/the-rise-of-the-south-aftrican-reich.pdf
    • http://www.gorillawalker.com/strengthening-of-concrete-structures-with-adhesive-bonded-reinforcement-design-and.pdf
    • http://www.gorillawalker.com/ms-lupus-and-me-and-that-s-not-all.pdf
    • http://www.gorillawalker.com/mindjacker.pdf
    • http://www.gorillawalker.com/the-elite-guide-to-leadership.pdf
    • http://www.gorillawalker.com/colossians-and-philemon-macarthur-new-testament-commentary-macarthur-new-testament.pdf
    • http://www.gorillawalker.com/a-woman-s-wartime-journal-an-account-of-sherman-s.pdf
    • http://www.gorillawalker.com/orienting-the-self-studies-in-german-literature-linguistics-and-culture.pdf
    • http://www.gorillawalker.com/courage-beyond-the-game-the-freddie-steinmark-story.pdf
    • http://www.gorillawalker.com/turn-up-the-heat-a-couples-guide-to-sexual-intimacy.pdf
    • http://www.gorillawalker.com/sturmgeschutz-its-variants-spielberger-german-armor-military-vehicles-series-vol.pdf
    • http://www.gorillawalker.com/ravaged-by-bigfoot-monster-erotica.pdf
    • http://www.gorillawalker.com/estimating-electrical-construction-revised.pdf
    • http://www.gorillawalker.com/cautivante-revelemos-el-misterio-del-alma-de-una-mujer-captivating.pdf
    • http://www.gorillawalker.com/rogue-galaxy-the-official-strategy-guide.pdf
    • http://www.gorillawalker.com/a-history-of-the-canadian-peoples-4e.pdf
    • http://www.gorillawalker.com/online-ase-technician-test-preparation-ttp-truck-series-slimline-keycode.pdf
    The remaining extracted URIs are standard XMP/RDF metadata namespace identifiers (RDF, Dublin Core, Adobe XMP and PDF/A schemas) that appear in the metadata packet of most PDFs produced by modern authoring tools. They are not user-clickable destinations and should be discounted when triaging the link list:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
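As an added example (not the scanner's own code or output), the following Python reproduces the logic behind the PDF_SEO_LINK_FARM heuristic and the EMBEDDED_URL triage above: it pulls /URI link-annotation targets out of a PDF, measures how strongly they cluster on one host and how many end in .pdf, and separates genuinely clickable destinations from XMP namespace identifiers that a naive "anything starting with http" extractor also sweeps up. The sample PDF is hand-built in memory, and the host names, paths and thresholds are constructed assumptions, not values taken from the report.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample inputs (hypothetical hosts, not from the report).
FARM_HOST = "seo-lure.example"
FARM_URLS = [f"http://{FARM_HOST}/title-{i:02d}.pdf" for i in range(30)]
OTHER_URLS = ["https://publisher.example/about", "https://archive.example/paper.pdf"]

# Namespace URI prefixes that belong to XMP/RDF metadata, never to a link target.
XMP_NAMESPACE_PREFIXES = (
    "http://www.w3.org/1999/02/22-rdf-syntax-ns",
    "http://purl.org/dc/elements/1.1/",
    "http://ns.adobe.com/",
    "http://www.aiim.org/pdfa/ns/",
)

URI_ACTION_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")   # /A << /S /URI /URI (...) >>
GENERIC_URL_RE = re.compile(rb"""https?://[^\s()<>"']+""")       # what a naive extractor grabs


def build_sample_pdf(urls):
    """Assemble a minimal PDF with one /Link annotation per URL plus an XMP packet.
    No xref table is written: the heuristics below scan raw bytes, so the file does
    not need to be loadable by a viewer. Hand-built test fixture, not a real sample."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
           b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           b'<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/"'
           b' xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"/>'
           b'</rdf:RDF></x:xmpmeta>')
    page_num = 4 + len(urls)
    body = [b"%PDF-1.4",
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >> endobj",
            b"2 0 obj << /Type /Pages /Kids [%d 0 R] /Count 1 >> endobj" % page_num,
            b"3 0 obj << /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp)
            + xmp + b"\nendstream\nendobj"]
    for i, url in enumerate(urls):
        y = 760 - 14 * i
        body.append(b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [72 %d 540 %d] "
                    b"/A << /S /URI /URI (%s) >> >> endobj" % (4 + i, y, y + 12, url.encode()))
    refs = b" ".join(b"%d 0 R" % (4 + i) for i in range(len(urls)))
    body.append(b"%d 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
                b"/Annots [%s] >> endobj" % (page_num, refs))
    body.append(b"trailer << /Root 1 0 R >>\n%%EOF")
    return b"\n".join(body)


def extract_link_uris(pdf):
    """Targets of /URI link actions, i.e. the URLs a reader can actually click.
    Only plain literal strings are handled; real files also use hex strings,
    escaped parentheses and object streams, so use a PDF library in production."""
    return [m.decode("latin-1") for m in URI_ACTION_RE.findall(pdf)]


def is_xmp_namespace(url):
    return url.startswith(XMP_NAMESPACE_PREFIXES)


def triage_all_urls(pdf):
    """Split a naive 'every http(s)://' extraction into clickable destinations
    and XMP namespace identifiers, so the latter are not counted as IOCs."""
    found = {m.decode("latin-1") for m in GENERIC_URL_RE.findall(pdf)}
    return (sorted(u for u in found if not is_xmp_namespace(u)),
            sorted(u for u in found if is_xmp_namespace(u)))


def link_farm_verdict(pdf, min_links=20, max_size=100 * 1024, host_share=0.8, pdf_share=0.5):
    """Small file + many external links + one dominant host + mostly .pdf targets.
    Thresholds are illustrative assumptions, not the vendor's tuning."""
    links = [u for u in extract_link_uris(pdf) if urlparse(u).scheme in ("http", "https")]
    n = len(links)
    hosts = Counter(urlparse(u).hostname for u in links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    pdf_targets = sum(1 for u in links if urlparse(u).path.lower().endswith(".pdf"))
    top_ratio = top_count / n if n else 0.0
    pdf_ratio = pdf_targets / n if n else 0.0
    fired = (len(pdf) <= max_size and n >= min_links
             and top_ratio >= host_share and pdf_ratio >= pdf_share)
    return {"size": len(pdf), "links": n, "top_host": top_host,
            "top_host_share": round(top_ratio, 2), "pdf_link_share": round(pdf_ratio, 2),
            "fired": fired}


SAMPLE_PDF = build_sample_pdf(FARM_URLS + OTHER_URLS)

if __name__ == "__main__":
    clickable, namespaces = triage_all_urls(SAMPLE_PDF)
    print(f"{len(clickable)} clickable URLs, {len(namespaces)} XMP namespaces discounted")
    print(link_farm_verdict(SAMPLE_PDF))
    print(link_farm_verdict(build_sample_pdf(OTHER_URLS)))
```

Run against the constructed fixture, the farm sample fires (32 clickable links, 94% on one host, 97% ending in .pdf, a few kilobytes in size) while the two-link control does not, and the three XMP namespace URIs drop out of the IOC list. The same split is what the report's EMBEDDED_URL listing needs before its URLs are handed to a blocklist.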