Malicious PDF — malware analysis report

Static analysis result for SHA-256 3909302d618d5233…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-12-07 18:27:48 +03:00
Authoring application: PrimoPDF http://www.primopdf.com/ (via PrimoPDF)
MD5: 1e79fa8f3ba89e47e629b65959be053b
SHA-1: 7331b4dbd9dd5be9e7f99cda72edc32e62133f09
SHA-256: 3909302d618d52330e649aa52f060eef642b88801880008fdfb97007dd737092
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, which suggests a link-farm or SEO-abuse tactic. The ML classifier also indicated a high probability of maliciousness. No scripts were extracted and the document body was unreadable, but the sheer volume of embedded URLs points to an intent to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.