Malicious PDF — malware analysis report

Static analysis result for SHA-256 42d4dbfcdf31b0f1…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2019-04-07 18:03:28 +03:00
Authoring application: - (via Multivalent Merge)
MD5: 5c60263475f437c175028fc6b8fea9bc
SHA-1: 3a2429d55a98e888987211896ae8d8a397d560f3
SHA-256: 42d4dbfcdf31b0f1d1057eefefd8258aadffa993248ba3cdf75f0a4c0001079b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high probability. The primary attack pattern appears to be the distribution of a large number of links, potentially to host malicious content or for SEO manipulation, rather than direct exploitation within the PDF itself. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.