Malicious PDF — malware analysis report

Static analysis result for SHA-256 182f4c36bfeff12e…

MALICIOUS

PDF

Size: 36.3 KB
Created: 2019-09-18 21:23:50 +03:00
Authoring application: - (via Haru Free PDF Library 2.1.0)
MD5: 6eef5bf3dfbf8e4ee79a7d1ffa2b6759
SHA-1: d9bb9b644c0055a072adc8d768d531599820a236
SHA-256: 182f4c36bfeff12eeda8093c0de6b3e203e8181c21c85ed70a2ddcbdfd46b2c7
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were explicitly extracted, the nature of the link farm suggests an attempt to manipulate search engine results or distribute malicious content via these links, potentially as a form of phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8218

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.