Malicious PDF — malware analysis report

Static analysis result for SHA-256 185550866b34878d…

MALICIOUS

PDF

Size: 39.5 KB
Created: 2018-11-15 18:32:17 +03:00
Authoring application: (Infix Pro) (via PDFKit.NET 3.0.58.0)
MD5: fcf25a113ceef755b9ef9a575f0288f2
SHA-1: 15ef0c572275e30197a1c91379dcb0f8f1288c92
SHA-256: 185550866b34878d6c8b36ffb79daa64575fb7affc25322946727a3a0dce2d13
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, consistent with SEO link farming or content distribution tactics. No scripts were extracted, but the sheer volume of links suggests malicious intent: directing users to potentially harmful content or manipulating search engine results. The document body is heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9002

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.