Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e9e2e2d17a45169…

MALICIOUS

PDF

Size: 37.6 KB
Created: 2020-02-08 18:29:44 +03:00
Authoring application: Word (via Acrobat PDFMaker 15 for Word)
MD5: 61dbcee1d1d01170e6bed5e8e47d4689
SHA-1: 9bedf82b09b1eb15bac28b894b260b00e7ee6c47
SHA-256: 5e9e2e2d17a45169a49783657d473353093b1ea0dd7056d85b8609552e8caf78
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5002

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.