Malicious PDF — malware analysis report

Static analysis result for SHA-256 16515ec054399cd2…

Verdict: MALICIOUS

File type: PDF

Size: 46.4 KB
Created: 2019-02-15 09:00:20 +03:00
Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 98874edb571a9428678f0bb033b70785
SHA-1: 44dd718a32c0180f8300fdaf15ca671e6c9021e6
SHA-256: 16515ec054399cd2ca1a15075ff6866a14dcc76ca746a4ab83ffdaefedca82c9
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs and was flagged by the PDF_SEO_LINK_FARM heuristic: the links are clickable, point at external .pdf targets and cluster on a single host, the pattern of generated SEO/link-farm carriers built to manipulate search results or route readers to harmful content. No scripts or other active content were extracted, so the risk is not document exploitation but the outbound links themselves; the file acts as a lure that hands the user off to an external delivery chain, which is why it maps to spearphishing attachment delivery. The ML classifier independently scored the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8883

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/rigby-pm-stars-individual-student-edition-red-levels-3-5.pdf
    • http://www.gorillawalker.com/joad-the-toad.pdf
    • http://www.gorillawalker.com/catalogue-of-paintings-by-vassili-verestchagin-including-the-campaign-of.pdf
    • http://www.gorillawalker.com/green-smoothie-recipes-to-kickstart-your-health-and-healing-how.pdf
    • http://www.gorillawalker.com/dias-de-combate-escrito-por-paco-ignacio-taibo-ii-listen.pdf
    • http://www.gorillawalker.com/finding-financial-fulfillment.pdf
    • http://www.gorillawalker.com/reversing-hypertension-a-vital-new-program-to-prevent-treat-and.pdf
    • http://www.gorillawalker.com/the-artist-within.pdf
    • http://www.gorillawalker.com/metal-guitar-method-book-with-dvd.pdf
    • http://www.gorillawalker.com/before-you-write-that-book-21-things-you-need-to.pdf
    • http://www.gorillawalker.com/the-life-and-writings-of-thomas-helwys-early-english-baptist.pdf
    • http://www.gorillawalker.com/design-and-installation-of-comminution-circuits.pdf
    • http://www.gorillawalker.com/you-can-paint-pastels.pdf
    • http://www.gorillawalker.com/la-casa-m-gica-fortalezca-su-hogar-con-amor-salud.pdf
    • http://www.gorillawalker.com/olympic-games-80-years-of-people-events-and-records.pdf
    • http://www.gorillawalker.com/counting-in-the-temperate-forest-counting-in-the-biomes.pdf
    • http://www.gorillawalker.com/quantum-leaps-100-scientists-who-changed-the-world.pdf
    • http://www.gorillawalker.com/members-of-the-family.pdf
    • http://www.gorillawalker.com/am-i-small-ako-ba-ay-maliit-children-s-picture.pdf
    • http://www.gorillawalker.com/la-caverna-de-noesis-vida-y-muerte-de-john-wohl.pdf
    • http://www.gorillawalker.com/cherry-blossoms-the-official-book-of-the-national-cherry-blossom.pdf
    • http://www.gorillawalker.com/diagnosticos-enfermeros-definiciones-y-clasificacion-2007-2008-1e-spanish-edition.pdf
    • http://www.gorillawalker.com/by-dr-ritamarie-loscalzo-dessert-making-it-rich-without-oil.pdf
    • http://www.gorillawalker.com/celtic-woman-songbook-piano-vocal-chords.pdf
    • http://www.gorillawalker.com/the-myth-of-the-200-barrier-how-to-lead-through.pdf
    • http://www.gorillawalker.com/stop-go-fast-grocery-guide.pdf
    • http://www.gorillawalker.com/mosby-s-pharmacology-memory-notecards-visual-mnemonic-and-memory-aids.pdf
    • http://www.gorillawalker.com/economics-bounded-rationality-and-the-cognitive-revolution.pdf
    • http://www.gorillawalker.com/the-master-your-metabolism-calorie-counter.pdf
    • http://www.gorillawalker.com/quadrature-amplitude-modulation-from-basics-to-adaptive-trellis-coded-turbo.pdf
    • http://www.gorillawalker.com/the-men-s-health-big-book-of-food-nutrition-your.pdf
    • http://www.gorillawalker.com/ear-training-volume-i-scale-forms-through-six-basic-tetrachords.pdf
    • http://www.gorillawalker.com/selected-decisions-and-selected-documents-of-the-international-monetary-fund.pdf
    • http://www.gorillawalker.com/chinese-idioms-and-their-english-equivalents-english-and-chinese-edition.pdf
    • http://www.gorillawalker.com/make-money-on-ebay-50-items-that-you-can-always.pdf
    • http://www.gorillawalker.com/the-floor-in-congressional-life-legislative-politics-and-policy-making.pdf
    • http://www.gorillawalker.com/essential-chinese-wisdom-xun-zi-spanish-chinese-edition-spanish-and.pdf
    • http://www.gorillawalker.com/the-morrigan-damaged-deities-kindle-edition.pdf
    • http://www.gorillawalker.com/the-newton-boys-portrait-of-an-outlaw-gang.pdf
    • http://www.gorillawalker.com/the-caregiver-s-legal-guide-planning-for-a-loved-one.pdf
    The remaining URIs are XMP/RDF namespace identifiers (RDF syntax, Dublin Core, XMP, PDF/A identification schemas) that live in PDF metadata rather than in clickable link annotations; they are benign and should not be counted toward the link-farm signal.
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
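As an added example, not the analysis platform's own tooling, the stand-alone Python below reproduces the two checks above in simplified form: it pulls /URI actions (link annotations) out of a PDF, pulls xmlns namespace URIs out of XMP metadata streams so they are not mistaken for clickable links, and scores the link-farm signal (small file, many external links, mostly .pdf targets on one dominant host). The thresholds, the sample PDF builder and the hostnames (farm.example and friends) are constructed assumptions; the real heuristic's cut-offs are not published on this page, and the parser only handles uncompressed objects and literal parenthesised strings, so a production check should run on top of a proper PDF parser that inflates object streams.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Assumed thresholds for the link-farm check. The report does not publish the
# real heuristic's cut-offs; these values are illustrative only.
MAX_SIZE_BYTES = 200 * 1024    # "small PDF"
MIN_LINKS = 10                 # "many clickable external links"
MIN_TOP_HOST_SHARE = 0.75      # "mostly clustered on one host"

# /URI (literal string) inside a URI action. Handles backslash escapes inside
# the string; hex strings <...> and FlateDecode'd object streams are not
# handled (simplification for the example).
_URI_STRING = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Body of an uncompressed XMP metadata stream.
_XMP_STREAM = re.compile(rb"/Subtype\s*/XML.*?stream\r?\n(.*?)endstream", re.DOTALL)
_XMLNS = re.compile(rb'xmlns:[A-Za-z0-9_.-]+="([^"]+)"')


def extract_link_uris(data: bytes) -> list:
    """Return URIs from /URI actions (link annotations), in file order."""
    return [re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")
            for raw in _URI_STRING.findall(data)]


def extract_xmp_namespaces(data: bytes) -> list:
    """Return xmlns namespace URIs declared in XMP metadata streams.
    These look like URLs but are schema identifiers, not clickable links."""
    found = []
    for body in _XMP_STREAM.findall(data):
        found.extend(ns.decode("latin-1") for ns in _XMLNS.findall(body))
    return found


def link_farm_report(data: bytes) -> dict:
    """Score the PDF_SEO_LINK_FARM-style signal: small file, many external
    links, mostly .pdf targets on one host. Namespace URIs are reported
    separately and never counted as links."""
    links = [u for u in extract_link_uris(data)
             if urlparse(u).scheme in ("http", "https")]
    hosts = Counter((urlparse(u).hostname or "").lower() for u in links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(links) if links else 0.0
    pdf_targets = sum(1 for u in links if urlparse(u).path.lower().endswith(".pdf"))
    return {
        "size_bytes": len(data),
        "link_count": len(links),
        "pdf_link_count": pdf_targets,
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "xmp_namespaces": extract_xmp_namespaces(data),
        "link_farm": (len(data) <= MAX_SIZE_BYTES
                      and len(links) >= MIN_LINKS
                      and share >= MIN_TOP_HOST_SHARE),
    }


def build_sample_pdf(link_urls, xmp_namespaces) -> bytes:
    """Constructed test input: a minimal uncompressed one-page PDF whose
    /Annots are /Link annotations with /URI actions, plus an XMP metadata
    stream. Synthetic data for the example, not the analysed sample."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           + b" ".join(b'xmlns:ns%d="%s"' % (i, ns.encode()) for i, ns in enumerate(xmp_namespaces))
           + b"></rdf:RDF></x:xmpmeta>")
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >>",
        b"<< /Type /Pages /Kids [4 0 R] /Count 1 >>",
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp) + xmp + b"\nendstream",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
        + b" ".join(b"%d 0 R" % (5 + i) for i in range(len(link_urls))) + b"] >>",
    ]
    for url in link_urls:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    b"/A << /S /URI /URI (" + url.encode() + b") >> >>")
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_pos)
    return bytes(out)


# Constructed sample: a dozen .pdf links on one host plus two stragglers, and
# the kind of XMP namespaces that show up in an EMBEDDED_URL listing.
SAMPLE_LINKS = [f"http://farm.example/book-{i}.pdf" for i in range(12)] + [
    "https://other.example/index.html", "http://cdn.example/a.pdf"]
SAMPLE_XMP_NS = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#",
                 "http://purl.org/dc/elements/1.1/", "http://ns.adobe.com/xap/1.0/"]
SAMPLE_PDF = build_sample_pdf(SAMPLE_LINKS, SAMPLE_XMP_NS)

if __name__ == "__main__":
    for key, value in link_farm_report(SAMPLE_PDF).items():
        print(f"{key}: {value}")
```

On the constructed sample the report counts 14 HTTP(S) links, 13 of them .pdf targets, with farm.example holding about 86% of them, and flags the file; the three namespace URIs surface under xmp_namespaces and never reach the link count. The same host-clustering view is the first thing to check on a real carrier: pivot on the dominant host rather than on individual paths, since the path names in a link farm are generated filler.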