Malicious PDF — malware analysis report

Static analysis result for SHA-256 6149e0a4ad4282ef…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2019-02-14 08:12:18 +03:00
Authoring application: -
MD5: 47f62a819d780e5699448a647ab00530
SHA-1: 48c37325ae2efa9072778a59b9681b848b8a8f4f
SHA-256: 6149e0a4ad4282ef0b636c04f3c2f0b0e6ef448981f0e42ac276ef8488c4451d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be to direct users to a vast collection of links, potentially for SEO manipulation or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.