Malicious PDF — malware analysis report

Static analysis result for SHA-256 419cff3a772db5e2…

MALICIOUS

PDF

Size: 34.1 KB
Created: 2020-01-16 20:55:11 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0 (Windows))
MD5: 7fca2af3bdee23f70ddf0e8369f46c64
SHA-1: 05cc1a0038764c252c18f70eb5d0d68e3ad9fd8a
SHA-256: 419cff3a772db5e2ca4a6246636a84735c5f49dc367d79a8499c7b5c15331799
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The document body is heavily obfuscated and unreadable, and the presence of numerous links suggests malicious intent, possibly SEO spam or redirection of users to phishing or malware distribution sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8015

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.