Malicious PDF — malware analysis report

Static analysis result for SHA-256 16ed0c7951f82d5f…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2019-04-10 12:10:10 +03:00
Authoring application: - (via iText 2.1.0 (by lowagie.com))
MD5: 158f0e4dccdf34b633aa5037cdc98311
SHA-1: 8ff75277a047217a3e34f820f2def8789ae77442
SHA-256: 16ed0c7951f82d5f450e397ad4b9217f3fe6092a7e564f59d3afce3a243ed80f
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated, the presence of numerous links to other PDF files suggests a link farm or SEO manipulation tactic. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.