Malicious PDF — malware analysis report

Static analysis result for SHA-256 5063c866d8dadb2a…

MALICIOUS

PDF

Size: 49.0 KB
Created: 2018-11-23 08:08:30 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
MD5: 5b88d3bf0bb5176c7a0f4d54d02d442b
SHA-1: 4e081a7a5eea1128714450cce24630d8045253d8
SHA-256: 5063c866d8dadb2a343b0340c834e7400facdae0e881537fb5bb7e8a2b02a765
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. The ML classifier also indicated a high probability of maliciousness. No scripts were extracted, but the sheer volume of embedded URLs points to an intent to redirect users to potentially harmful content hosted on external domains.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8509

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.