Malicious PDF — malware analysis report

Static analysis result for SHA-256 0f6889379f436986…

MALICIOUS

PDF

Size: 46.8 KB
Created: 2018-12-15 08:11:07 +03:00
Authoring application: - (via Haru Free PDF Library 2.1.0)
MD5: 8655555dd893d534dd71937c14b0f9ce
SHA-1: 7166c965b54bde4880704d69c62f389bf7a570ef
SHA-256: 0f6889379f4369862a936b25d230fbeed0da408e65a82d5e5b55b332a77d7292
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded URLs pointing to external PDF documents on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine rankings or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the document as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.