Malicious PDF — malware analysis report

Static analysis result for SHA-256 597971902692fc16…

MALICIOUS

PDF

Size: 34.7 KB
Created: 2019-09-18 23:38:30 +03:00
Authoring application: FrameMaker 5.5.6p145 (via Acrobat Distiller 6.0 (Windows))
First seen: 2021-06-28
MD5: 995730616f43dfce0d6f389c40a827bb
SHA-1: 54bf7aeb6fcf30396f089587da0a44a69f72d3d7
SHA-256: 597971902692fc1631e5fef2d3a0097a04679c740dc961ff145534d0d8e347f9
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. While no scripts were explicitly extracted, the presence of embedded URLs suggests an attempt to direct users to potentially malicious or SEO-abused content. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.