Malicious PDF — malware analysis report

Static analysis result for SHA-256 4ec7064e6f7514d9…

Verdict: MALICIOUS
File type: PDF
Size: 40.0 KB
Created: 2019-02-13 02:15:38 +03:00
Authoring application: - (via XEP 4.4 build 20050610)
MD5: c8efa240466bee41b22ab8f6241e5d76
SHA-1: 83c9998e5fb00ee7a824298138ff43955587c585
SHA-256: 4ec7064e6f7514d9054f8ad7e2f2c67e954a2cefc03216336a57f13b44610246
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or redirect users to potentially harmful content hosted on external domains. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.