Malicious PDF — malware analysis report

Static analysis result for SHA-256 62420821fdc54649…

MALICIOUS

PDF

  • Size: 42.5 KB
  • Created: 2018-11-30 20:24:49 +03:00
  • Authoring application: Apache FOP Version 2.1
  • MD5: 2576ac678c6d9d2bda017e2535b4b6f7
  • SHA-1: bbb43b47abce2c03b6aab97e38d18844e4e1fdcf
  • SHA-256: 62420821fdc54649c74d0da09a594aeeb7eb2f4a81aabd656a09047320b18552
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.