Malicious PDF — malware analysis report

Static analysis result for SHA-256 16c48594c8c6510b…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-14 08:37:13 +03:00
Authoring application: QuarkXPress(R) 7.01
MD5: fcd6ee3f11e75f550c30295a799c35c5
SHA-1: a5d2bea317aab51d3d9c2264f59a5d46b8ad6b7b
SHA-256: 16c48594c8c6510b0346a24a3f68166fef4e84283f638b7a6bd33babc022a0e9
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as detected by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or hosting malicious content via a link farm, rather than direct exploitation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.