Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f9609daa7274e5e…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2019-03-17 13:24:58 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: bdf5290488549004f849865c73b9334e
SHA-1: 7a7d9880394f9833bdea8f1a04be3151296fa23b
SHA-256: 5f9609daa7274e5e6a24c88c302d1e29c74e5e55b0276aae105f941c8b65e2ba
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting an attempt to drive traffic to a link farm. The ML classifier also flagged the document as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a more detailed analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.