Malicious PDF — malware analysis report

Static analysis result for SHA-256 5543a0e6b644b595…

MALICIOUS

PDF

Size: 41.3 KB
Created: 2018-12-15 08:35:14 +03:00
Authoring application: Acrobat PDFMaker 10.1 for Word (via Adobe PDF Library 10.0)
MD5: 396f6f7fa826e37c7d5a9bb3b1f83b53
SHA-1: e78b0622d7f9f335f9d487dc4cbb3e56acedad14
SHA-256: 5543a0e6b644b59515bae4b5ad63d5b27590b2125e39adc88f2402eeb2533fb3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly for SEO poisoning or to redirect users to phishing or malware distribution sites. The ML_NYX_PDF_MALICIOUS classifier also flagged the file with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/the-art-of-war-the-new-translation.pdf
    • http://www.gorillawalker.com/weight-watchers-f-r-berufst-tige.pdf
    • http://www.gorillawalker.com/memoirs-of-abdolmadjid-madjidi.pdf
    • http://www.gorillawalker.com/lolita-vol-3.pdf
    • http://www.gorillawalker.com/let-them-be-judged-the-judicial-integration-of-the-deep.pdf
    • http://www.gorillawalker.com/conan-volume-7-cimmeria-conan-dark-horse.pdf
    • http://www.gorillawalker.com/competing-on-excellence-healthcare-strategies-for-a-consumer-driven-market.pdf
    • http://www.gorillawalker.com/folk-music-for-3-recorders-and-guitar-album-3.pdf
    • http://www.gorillawalker.com/creative-haven-flower-art-coloring-book-deluxe-edition-4-books.pdf
    • http://www.gorillawalker.com/the-idea-of-the-public-sphere-a-reader.pdf
    • http://www.gorillawalker.com/stickeen-1909.pdf
    • http://www.gorillawalker.com/experimental-nuclear-physics-volume-1-physics-of-atomic-nucleus.pdf
    • http://www.gorillawalker.com/encyclopedia-of-tropical-plants-identification-and-cultivation-of-over-3000.pdf
    • http://www.gorillawalker.com/ancient-egyptians-at-a-glance.pdf
    • http://www.gorillawalker.com/el-principito-spanish-edition.pdf
    • http://www.gorillawalker.com/introductory-dc-ac-circuits-6th-edition.pdf
    • http://www.gorillawalker.com/the-haiti-experiment-kindle-edition.pdf
    • http://www.gorillawalker.com/united-arab-emirates-oman-bahrain-quatar-hildebrand-s-travel-map.pdf
    • http://www.gorillawalker.com/steel-carriage-by-sea-lloyd-s-practical-shipping-guides.pdf
    • http://www.gorillawalker.com/complete-solutions-guide-calculus-vol-2-8th-edition.pdf
    • http://www.gorillawalker.com/stargate-sg-1-sunrise-sg1-17.pdf
    • http://www.gorillawalker.com/canada-and-the-cold-war.pdf
    • http://www.gorillawalker.com/30-healthy-things-to-cook-and-eat-cooking-cards.pdf
    • http://www.gorillawalker.com/book-of-shadows-spells-kindle-edition.pdf
    • http://www.gorillawalker.com/peterson-s-computer-science-electrical-engineering-programs.pdf
    • http://www.gorillawalker.com/fatigue-and-corrosion-in-metals.pdf
    • http://www.gorillawalker.com/architecture-of-herod-the-great-builder.pdf
    • http://www.gorillawalker.com/the-heresy-of-dr-dee.pdf
    • http://www.gorillawalker.com/the-atlanta-campaign-a-civil-war-driving-tour-of-atlanta.pdf
    • http://www.gorillawalker.com/up-the-ladder-study-and-test-taking-strategies-for-fire.pdf
    • http://www.gorillawalker.com/greek-a-comprehensive-grammar-of-the-modern-language-comprehensive-grammars.pdf
    • http://www.gorillawalker.com/how-to-cook-everything-fast-a-better-way-to-cook.pdf
    • http://www.gorillawalker.com/mit-dem-e-bike-zur-arbeit-kaufberatung-praxistipps-german-edition.pdf
    • http://www.gorillawalker.com/is-one-love-ozenoz-book-2.pdf
    • http://www.gorillawalker.com/kraken-the-curious-exciting-and-slightly-disturbing-science-of-squid.pdf
    • http://www.gorillawalker.com/film-lovers-paris-101-legendary-addresses-that-inspired-great-movies.pdf
    • http://www.gorillawalker.com/reflexologia-total-spanish-edition.pdf
    • http://www.gorillawalker.com/business-mathematics-instructor-s-edition.pdf
    • http://www.gorillawalker.com/general-practice-revisited-a-second-study-of-patients-and-their.pdf
    • http://www.gorillawalker.com/arab-occidentalism-images-of-america-in-the-middle-east-library.pdf
    • http://www.gorillawalker.com/folk-music-for-3-re
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/