Malicious PDF — malware analysis report

Static analysis result for SHA-256 54752c0a194caf48…

MALICIOUS

PDF

31.7 KB
Created: 2020-02-08 21:01:05 +03:00
Authoring application: QuarkXPress(R) 9.0
MD5: 073fc0c601f33589badff08c8e6c9057
SHA-1: 07387a5826320cee629e7e80f2d2805c4e8b4699
SHA-256: 54752c0a194caf4810aadec14d2e1bc821ff48cb5732613a3b16919b8214c9d4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.