Malicious PDF — malware analysis report

Static analysis result for SHA-256 60d0e7f4c55d8733…

Verdict: MALICIOUS
File type: PDF
Size: 42.0 KB
Created: 2019-04-30 16:28:53 +03:00
Authoring application: Adobe InDesign CC 2015 (Windows) (via Adobe PDF Library 15.0)
MD5: aa0177eb4426bb6509b62bc09197518a
SHA-1: 8ea1d1cb4bc20cf077e6e38478557ad0bfaf01cd
SHA-256: 60d0e7f4c55d87338aa563f24013a5fb8a55320b895c7e5516e19d916b3d784b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were explicitly extracted, the presence of numerous links suggests an attempt to manipulate search engine results or direct users to potentially malicious content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.