Malicious PDF — malware analysis report

Static analysis result for SHA-256 05a569724bd9e29f…

MALICIOUS

PDF

Size: 34.8 KB
Created: 2020-01-17 19:19:13 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 16adbf28d8c48a88a06cec2803e3017f
SHA-1: 25bdbe13bdd9715b5e08f77450d41ff684c13363
SHA-256: 05a569724bd9e29f70e41ea6d10ce0d526fa6b58dd6fd472b1fbaa6160d6b5b7
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on the same domain, suggesting a link farm or SEO manipulation tactic. The ML classifier also flagged the document as malicious. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.