Malicious PDF — malware analysis report

Static analysis result for SHA-256 14e46921f9e50979…

MALICIOUS

PDF

  • 46.2 KB
  • Created: 2018-11-14 08:20:55 +03:00
  • Authoring application: FineReader (via -)
  • MD5: 5d810f7e617ad67433daac369faa2a63
  • SHA-1: 9725c3020b94db9ad6c472f7832a6374b1774100
  • SHA-256: 14e46921f9e5097988de877c56e0b89ef9040c83bacaa414db842c8388600c3b
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. No scripts were extracted, and the document body was unreadable, limiting further analysis of intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.