Malicious PDF — malware analysis report

Static analysis result for SHA-256 356d670c016f945f…

MALICIOUS

PDF

  • Size: 45.2 KB
  • Created: 2018-12-15 20:47:06 +03:00
  • Authoring application: - (via htmldoc 1.8.23 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)
  • MD5: 8c70ce2d9f336e442933bcf309b7a215
  • SHA-1: 73d38ae363232d7451a841612092f7d3d167b87e
  • SHA-256: 356d670c016f945f6c9f777e728b5b6aae78c2910bea85a1391b39749fb86c89
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a significant number of external links, indicating a link farm or SEO manipulation tactic. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a coordinated effort to distribute content or lure users. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.