Malicious PDF — malware analysis report

Static analysis result for SHA-256 1715fd7a1ccb232f…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2019-04-10 12:10:08 +03:00
Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 958fafda99ef45c1b038989b8c537944
SHA-1: fdbf1be1e9184accafdd03137b68c1b8e514d1ed
SHA-256: 1715fd7a1ccb232fa85786fdf0c04ae8a8a540540637312a0e96b81c3cc3de5b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were explicitly extracted, the presence of numerous links suggests an attempt to direct users to potentially malicious or SEO-manipulated content. The ML classifier also flagged this PDF as malicious, increasing confidence in its suspicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.