Malicious PDF — malware analysis report

Static analysis result for SHA-256 5dc9665aef80b76b…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2019-04-30 12:58:47 +03:00
Authoring application: Microsoft Word: LaserWriter 8 8.6.5 (via Acrobat Distiller 4.0 for Macintosh)
MD5: 822d8de9905103139ae9f3d4bdc0eb0e
SHA-1: 56272200492f0970e3df709129115c8dc2f60334
SHA-256: 5dc9665aef80b76be9de91e6825e7762e6c0636bac5e8e191490f8e611b54969
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a vast collection of other PDFs hosted on the same domain, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.