Malicious PDF — malware analysis report

Static analysis result for SHA-256 63c876ba5a858854…

MALICIOUS

PDF

File size: 33.4 KB
Created: 2020-01-03 22:18:15 +03:00
Authoring application: Acrobat PDFMaker 10.1 для Word (via Adobe PDF Library 10.0)
MD5: b6429820134bdf55e61796b5677cb834
SHA-1: 5a5e80ce477605c73c2d5322c4d3a2360e8dbd36
SHA-256: 63c876ba5a8588548ae4aadbfbcefcfb62b6b98591219a35bc8c1f3c4bd67b39
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The primary purpose appears to be directing users to a domain hosting numerous PDF documents, potentially for SEO spam or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.