Malicious PDF — malware analysis report

Static analysis result for SHA-256 573c7583488e5fd9…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-12-03 17:45:55 +03:00
Authoring application: www.freepdfconvert.com (via http://www.freepdfconvert.com)
MD5: eaca320a18ca6eb2f7eccd6f3c8f29a0
SHA-1: 8ac231053cec44d4ea1a5161369a82060c205258
SHA-256: 573c7583488e5fd95b0b486160668afa5f8f9637a8922a44378c2fd66db244cd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.