Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e2786d31617e1d4…

MALICIOUS

PDF

Size: 33.4 KB
Created: 2019-09-02 22:05:12 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.0 para Windows)
MD5: 402d83f6899952acacdc3b2b848fd803
SHA-1: 19c5d90c2301fde6674e2573fd1123cb356c7654
SHA-256: 5e2786d31617e1d4fc9ddd3479934a5b23d7097f2a93b537a8337f4cca95e8d2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine rankings or to distribute a large volume of content, potentially malicious. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern beyond the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.