Malicious PDF — malware analysis report

Static analysis result for SHA-256 593d43c9e47f244e…

MALICIOUS

PDF

39.6 KB
Created: 2018-11-14 11:22:45 +03:00
Authoring application: Word (via Mac OS X 10.4.2 Quartz PDFContext)
MD5: 9c3eca7fd449d89a8fc4f14ab578e10e
SHA-1: 9570f7b2d74c799ec5a543e0a9f1fd24ec16eac1
SHA-256: 593d43c9e47f244e73d6e85b380b15408bdee38a1f53a4686b54076e6e089008
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The document body appears to be heavily obfuscated or corrupted, so its direct user-facing content cannot be determined. However, the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.