Malicious PDF — malware analysis report

Static analysis result for SHA-256 62729d13cc2dcd14…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2019-03-17 06:33:00 +03:00
Authoring application: - (via XEP 4.4 build 20050610)
MD5: a73ada009f88b14731da45f684e55247
SHA-1: 54aafb5bc59c1f64c6af206a84bd9c0fcef73824
SHA-256: 62729d13cc2dcd14fd5af3e8d90412f050c83aef043225ad0b855c3ea258767d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external documents, a behavior flagged as a critical heuristic for SEO link farming. While no scripts were explicitly extracted, the presence of embedded URLs within a PDF often implies JavaScript execution to facilitate link traversal or redirection. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.