Malicious PDF — malware analysis report

Static analysis result for SHA-256 1a82dd4563c26db1…

MALICIOUS

PDF

Size: 36.9 KB
Created: 2020-01-17 19:19:19 +03:00
Authoring application: AH XSL Formatter V6.1 MR6 for Windows (x64) : 6.1.11.18624 (via Antenna House PDF Output Library 6.1.610 (Windows (x64)))
MD5: a0e52cb9d4583c7629ea0d21991db1d9
SHA-1: a5812a623e17260dacdfb1625f9f883ae48c6f99
SHA-256: 1a82dd4563c26db1ddc020aa75c7f0ca19cc55b87653afca8bfdb062f25b54c9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, flagged by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or SEO spam campaign. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the document. Although no scripts were extracted, the sheer volume of links points to malicious intent, likely to drive traffic to potentially harmful sites or to engage in phishing.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8196

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.