Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e8da687d64cf59b…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2018-11-30 20:23:51 +03:00
Authoring application: - (via ABBYY FineReader 9.0 Sprint)
MD5: 775e7b5855293dd1b2ca93f64b6c5719
SHA-1: 5fc058745eae7374aacdebddc30c6e268e8d3b89
SHA-256: 5e8da687d64cf59b91571edcc818951d5bac592319bb83347ec6735ba9989e36
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as detected by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or distribute potentially malicious content. The ML classifier also flagged the document as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.