Malicious PDF — malware analysis report

Static analysis result for SHA-256 5c508cd72ffcc4c8…

Verdict: MALICIOUS
File type: PDF
Size: 44.3 KB
Created: 2019-02-14 08:12:42 +03:00
Authoring application: Adobe InDesign CS6 (Windows) (via Adobe PDF Library 10.0.1)
MD5: 3f6226813564a83bf0446a5f1b78cf27
SHA-1: e3b7ffbad3292ccc5c4364cd53e1dd1a133da170
SHA-256: 5c508cd72ffcc4c88c3048b7ac84f4a1c721f0383bf0f8c3fa8bef6421139815
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external websites, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs appear to be part of a link farm, likely intended to drive traffic or for SEO manipulation, rather than delivering a direct payload.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8859

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.