Malicious PDF — malware analysis report

Static analysis result for SHA-256 3cac184a9ed176b9…

MALICIOUS

PDF

  • Size: 42.7 KB
  • Created: 2018-11-23 08:00:29 +03:00
  • Authoring application: soft Xpansion Perfect PDF 5 Premium (via PDF Xpansion 5.7.8)
  • MD5: 839deb07c908dcc1a28dca20fef0e406
  • SHA-1: 947db8dc287f81ba557be519d449cfa70efded79
  • SHA-256: 3cac184a9ed176b9d00e7fda187613f08e7daa82965dececb8785e367214ea02
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

A machine learning classifier flagged the PDF file as malicious. The file contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically indicates a mass of external PDF links. No scripts were extracted, but the sheer volume and nature of the embedded URLs suggest malicious intent to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.