Malicious PDF — malware analysis report

Static analysis result for SHA-256 093b56bf00562f6d…

MALICIOUS

PDF

Size: 38.3 KB
Created: 2018-12-02 10:56:07 +03:00
Authoring application: Microsoft® Word 2013
MD5: da0f13c63667b0ee2d4ad396e96c5be7
SHA-1: 06321449c42aa13288715d3029f14f208afddfea
SHA-256: 093b56bf00562f6d5626f862c53be2525e549d75757671e9651fce468ecc3349
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A link-farm heuristic fired on this PDF, which has 32 external PDF links embedded within its structure. The ML classifier also flagged the PDF as malicious. No scripts were extracted, but the embedded URLs suggest a potential SEO poisoning or redirection scheme, possibly leading to further malicious content or phishing attempts.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8901

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.