Malicious PDF — malware analysis report

Static analysis result for SHA-256 3d8e72f1434cdcfa…

MALICIOUS

PDF

  • File size: 48.4 KB
  • Created: 2019-03-17 11:33:14 +03:00
  • Authoring application: Data Dynamics ActiveReports (tm) for .NET
  • MD5: e0015297b0a35ffa3affe004a99009b4
  • SHA-1: ed1b815e77943715b65792eb42af81a691899e61
  • SHA-256: 3d8e72f1434cdcfa75e4e0be16cd4d4ded38dae8f05055d1f57add116501d32d
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a significant number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to drive traffic or distribute further malicious content through a link farm. The ML classifier also flagged the PDF as malicious. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.