Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f1163544cf5211d…

MALICIOUS

PDF

Size: 46.1 KB
Created: 2018-11-23 21:03:27 +03:00
Authoring application: - (via Multivalent Merge)
MD5: fe743d2ba0d37deea59542e05761d6ad
SHA-1: 9065db17e0e3a263ed65fe4d750fd2da5963be1f
SHA-256: 5f1163544cf5211d0bd7e05dca0934f4664abc57afd91e1efb345cdb1e7f86b4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting an attempt to manipulate search engine results or distribute malicious links. While no scripts were explicitly extracted, the presence of embedded URLs within a PDF often implies the use of JavaScript to facilitate redirection or further exploitation. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.