Malicious PDF — malware analysis report

Static analysis result for SHA-256 1695cbed2180bea8…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2019-01-06 08:09:04 +03:00
Authoring application: ABBYY FineReader 8.0 Professional Edition
MD5: 977cceb6561c53e09383fb4192cf2e97
SHA-1: 7de681d1022c1425d9fd7a71b41af56effcd2745
SHA-256: 1695cbed2180bea87284df7b8b09d3b909a1dcbc0ef446b40c58d8f4cb2165ee
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. While no scripts were extracted, the ML classifier flagged the document as malicious. The embedded URLs likely serve as a lure to a link farm, potentially for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.