Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d01c656a340daa2…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-26 08:36:39 +03:00
Authoring application: FrameMaker 12.0.4 (via Acrobat Distiller 11.0 (Windows))
MD5: 6c1483f89d2d4706e08aac5915c0c709
SHA-1: 3d1b35ef1b7a0b226a6301395a40387eb2033808
SHA-256: 5d01c656a340daa271dbcf896b91176fc42dd953142dce1d3b4fb76d4182f3a3
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs likely serve to direct users to potentially malicious or unwanted content, possibly as part of a link-farming or SEO-poisoning scheme.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.