Malicious PDF — malware analysis report

Static analysis result for SHA-256 21bf5cfefe364377…

MALICIOUS

PDF

Size: 32.4 KB
Created: 2020-03-13 01:09:50 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
MD5: 1854435042dac9bc5948d5a684c0220c
SHA-1: 0b157c611f424dc75a9016ebceb55c0061ee475b
SHA-256: 21bf5cfefe364377d34b621c9d0acdad2f1d977e9bc65863d6759be4d4fca0ae
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. While no scripts were extracted, the sheer volume of links to PDFs on the same domain indicates a coordinated effort to distribute content or potentially lead users to malicious sites disguised as legitimate documents. The ML classifier also indicated a high probability of maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8488

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.