Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f491fd582cf03ac…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-12-07 18:27:24 +03:00
Authoring application: Acrobat PDFMaker 8.1 for Word (via Acrobat Distiller 8.1.0 (Windows))
MD5: 5605131108473590d14af6b578a1a9b7
SHA-1: 8c19eaba5fe4f705c7adac5cfcf6cf5cc43b8d16
SHA-256: 5f491fd582cf03ac38bd21dc6c736a1b9a9183f0483c645caed6ec877f6d7002
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, identified by the 'PDF_SEO_LINK_FARM' heuristic. While no scripts were explicitly extracted, the presence of embedded URLs and the nature of the heuristic suggest the document's primary purpose is to redirect users to a website hosting numerous files. This is often used for SEO manipulation or to distribute further malicious content, aligning with a spearphishing attachment delivery method.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.