Malicious PDF — malware analysis report

Static analysis result for SHA-256 0cb83d60bdfa5bc3…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-12-15 21:31:24 +03:00
Authoring application: SYSTEM400 Rev 16.02 (via Acrobat Distiller 4.05 for Windows, Powered by PDF Polisher Pro 5.01 420)
MD5: 66883d0bce826d672355614df5233b8b
SHA-1: c0514feb13a783e13cc13259335c2cf2201acb28
SHA-256: 0cb83d60bdfa5bc3d7e52f71765160826992a8d6878c45a720eddb6849d44c57
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs likely serve as a link farm, potentially for SEO manipulation or to distribute further malicious content, rather than direct user interaction.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9171)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.