Malicious PDF — malware analysis report

Static analysis result for SHA-256 1985dedb502aae59…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2019-04-04 15:23:36 +03:00
Authoring application: AH XSL Formatter V6.2 MR5 for Windows (x64) : 6.2.7.18952 (via Antenna House PDF Output Library 6.2.625 (Windows (x64)))
MD5: 2195c332a63d1e56baccdbcafda3eb2e
SHA-1: 9fc85d957da5c57666dddcc11e59fd9a162abb8d
SHA-256: 1985dedb502aae59673b5a157f0d9ff24a53a7add4af76505fadf4d25ff0a8cb
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded links, flagged by the PDF_SEO_LINK_FARM heuristic. These links point to various external resources, suggesting an attempt at SEO manipulation or at distributing further malicious content. While no scripts were extracted, the nature of the embedded links and the ML classifier's high confidence indicate malicious intent. The document itself appears to be a lure that directs users to external sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.