Malicious PDF — malware analysis report

Static analysis result for SHA-256 602db6580cb054da…

MALICIOUS

PDF

Size: 33.5 KB
Created: 2020-01-10 17:21:54 +03:00
Authoring application: - (via htmldoc 1.8.23 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)
MD5: 4848a0ad8d9de84bb26913f5713f95c6
SHA-1: 0644edcc7338776a11df77d51f6d3468f7454720
SHA-256: 602db6580cb054da7a1d967553e665ce11aeddb44bf619e0543f8c6c728b8a8e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs all point to the same domain, suggesting a coordinated effort to distribute content or manipulate search engine results. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.