Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d78278a1184349a…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2019-03-17 07:24:48 +03:00
Authoring application: Writer (via OpenOffice.org 2.0)
MD5: c689ced79a66ada5f5d6680cad581e1e
SHA-1: b29759327e08caafc987dcc2c8265a017deb4923
SHA-256: 5d78278a1184349ab644fe57a7b33ae5e9fc7c4c95aa9666010459f17996de41
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or hosting a link farm, rather than direct user interaction, as no executable scripts or clear user-facing lures were found in the document body.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.