Malicious PDF — malware analysis report

Static analysis result for SHA-256 460f440a93ec0c08…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2018-11-26 20:03:23 +03:00
Authoring application: - (via htmldoc 1.8.23 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)
MD5: 4b7593848f03c335dabe038f7e6743fe
SHA-1: def70a8d87064d9ce8dd432822f4e163259373cb
SHA-256: 460f440a93ec0c0884a8625f1accd2e95fde22caadf5388ef37644c2d1d2adf1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly SEO spam or redirection of users to further malicious content. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.