Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c3641ed753eeaa7…

MALICIOUS

PDF

33.4 KB Created: 2020-01-03 01:15:40 +03:00 Authoring application: - (via Acrobat PDFWriter 3.02 for Windows NT)
MD5: 7f9f306fdb88d4e6a8742bdac99239a0 SHA-1: adce3001a38e8034a64685d054b89278fe3a37eb SHA-256: 4c3641ed753eeaa7c369fa2d4c6a78aaf2e7915f792600cb151d67202ad5c863
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation, phishing, or serving further malicious content. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.