Malicious PDF — malware analysis report

Static analysis result for SHA-256 0e6f9cccd340a3a0…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2019-04-30 16:29:21 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.0.0 (Windows))
MD5: cce3a312f4e5f116ecad871087e8eeb8
SHA-1: f97192c83a6d2f5ff43606f03ffd7c9191dcf6de
SHA-256: 0e6f9cccd340a3a09ac4270d2c62694760271ec63455d158487ee08a1e907601
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated and unreadable, the sheer volume of links suggests an attempt to manipulate search engine results or to serve as a landing page for further malicious activity. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.