Malicious PDF — malware analysis report

Static analysis result for SHA-256 53609577f5c5140b…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-12-15 08:52:36 +03:00
Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: e1a53779c7e68c754527b2f5da80fc70
SHA-1: 0dccfa99b2abb3dfd04f08ff485110245e5db01d
SHA-256: 53609577f5c5140b96c18ef3ce78ce72226d13507774fb6f334fdaf696d0c714
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.