Malicious PDF — malware analysis report

Static analysis result for SHA-256 187e963923020d60…

MALICIOUS

PDF

Size: 47.2 KB
Created: 2018-11-30 21:01:29 +03:00
Authoring application: QuarkXPress(R) 8.0
MD5: 283b088ce279fa2270bf5a5df5d77bf6
SHA-1: e8c52a795c136a7e614e11202384a0dc82109105
SHA-256: 187e963923020d604e735888a3781f093f1c04a1888ece35889326cc5f89e02b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external websites, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were explicitly extracted, the presence of embedded URLs within a PDF document suggests an attempt to redirect the user to potentially malicious content or to manipulate search engine rankings. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/all-about-the-girl-culture-power-and-identity.pdf
    • http://www.gorillawalker.com/hamburg-marco-polo-city-maps.pdf
    • http://www.gorillawalker.com/the-hunchback-of-notre-dame-a-stepping-stone-book-tm.pdf
    • http://www.gorillawalker.com/field-experience-guide-for-elementary-and-middle-school-mathematics-teaching.pdf
    • http://www.gorillawalker.com/aa-touring-england.pdf
    • http://www.gorillawalker.com/a-taste-of-venice-at-table-with-brunetti.pdf
    • http://www.gorillawalker.com/jerusalem-a-family-portrait.pdf
    • http://www.gorillawalker.com/spanish-american-war-the.pdf
    • http://www.gorillawalker.com/separated-aboriginal-childhood-separations-and-guardianship-law-institute-of-criminology.pdf
    • http://www.gorillawalker.com/contemporary-rural-geographies-land-property-and-resources-in-britain-essays.pdf
    • http://www.gorillawalker.com/pfi-and-construction-contracts-chandos-series-on-construction-facilities.pdf
    • http://www.gorillawalker.com/algae-microfarms-for-home-school-community-and-urban-gardens-rooftop.pdf
    • http://www.gorillawalker.com/nanocomposite-coatings-nanotechnology-science-and-technology.pdf
    • http://www.gorillawalker.com/modelling-complex-ecological-dynamics-an-introduction-into-ecological-modelling-for.pdf
    • http://www.gorillawalker.com/chocolate-star.pdf
    • http://www.gorillawalker.com/everything-pug-book-a-complete-guide-to-raising-training-and.pdf
    • http://www.gorillawalker.com/audit-of-the-financial-stability-oversight-council-s-compliance-with.pdf
    • http://www.gorillawalker.com/spellbinding-sentences-a-writer-s-guide-to-achieving-excellence-and.pdf
    • http://www.gorillawalker.com/hymn-of-entry-liturgy-and-life-in-the-orthodox-church.pdf
    • http://www.gorillawalker.com/rocks-in-his-head.pdf
    • http://www.gorillawalker.com/documentation-skills-for-quality-patient-care.pdf
    • http://www.gorillawalker.com/grip-strength-how-to-close-heavy-duty-hand-grippers-lift.pdf
    • http://www.gorillawalker.com/aliteratiunea-in-limbile-romanice-romanian-edition.pdf
    • http://www.gorillawalker.com/the-eczema-diet-eczema-safe-food-to-stop-the-itch.pdf
    • http://www.gorillawalker.com/long-term-clinical-care-of-parkinson-s-disease-5th-symposium.pdf
    • http://www.gorillawalker.com/corporate-storytelling-planning-and-creating-internal-communications.pdf
    • http://www.gorillawalker.com/signs-of-war-cris-de-niro-book-2.pdf
    • http://www.gorillawalker.com/lonely-planet-sweden-travel-guide-5th-fifth-by-lonely-planet.pdf
    • http://www.gorillawalker.com/bioengineering-for-surgery-the-critical-engineer-surgeon-interface.pdf
    • http://www.gorillawalker.com/church-a-generous-community-amplified-for-the-future.pdf
    • http://www.gorillawalker.com/the-three-years-the-life-of-christ-between-baptism-and.pdf
    • http://www.gorillawalker.com/iec-60050-300-ed-1-0-b-2001-international-electrotechnical.pdf
    • http://www.gorillawalker.com/ireland-and-migration-in-the-twenty-first-century.pdf
    • http://www.gorillawalker.com/the-annotated-bibliography-of-canada-s-major-authors-volume-3.pdf
    • http://www.gorillawalker.com/helping-children-who-are-anxious-or-obsessional-and-willy-and.pdf
    • http://www.gorillawalker.com/romana-extra-band-32-german-edition.pdf
    • http://www.gorillawalker.com/nuclear-medicine-imaging-a-teaching-file-2nd-edition.pdf
    • http://www.gorillawalker.com/dictators-world-famous.pdf
    • http://www.gorillawalker.com/do-androids-dream-of-electric-sheep-vol-5.pdf
    • http://www.gorillawalker.com/lner-passenger-trains-and-formations-1923-67.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/