Malicious PDF — malware analysis report

Static analysis result for SHA-256 3b1dbb710d7a73df…

MALICIOUS

PDF

File size: 33.7 KB
Created: 2019-09-27 00:14:00 +03:00
Authoring application: ABBYY FineReader (via -)
First seen: 2021-06-28
MD5: ffeb061e2b322b0fd5313577eb3330d6
SHA-1: 441d5895159674790fa8da59c387709ebdabce69
SHA-256: 3b1dbb710d7a73df5fdeb35c89d1173bab4946614cf72101ec2b55eb0bd32613
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs likely serve as a link farm, potentially for SEO manipulation or to distribute additional malicious content, rather than a direct payload delivery mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.