Malicious PDF — malware analysis report

Static analysis result for SHA-256 665aca7383fbd176…

MALICIOUS

PDF

Size: 31.1 KB
Created: 2020-02-20 03:43:13 +03:00
Authoring application: - (via htmldoc 1.8.27 Copyright 1997-2006 Easy Software Products, All Rights Reserved.)
MD5: e6747a837eb00b3dd5293810a0b0be1a
SHA-1: 53ae873a4d4f1d6b62b454cb96a7127f336101eb
SHA-256: 665aca7383fbd1765e4662daa2fa2380eac55889c95289448fb8a62959827a6f
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to other PDF files, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to distribute or host malicious content, potentially leading to further compromise. The ML_NYX_PDF_MALICIOUS heuristic also flags the document as malicious. The SE_DOWNLOAD_BUTTON heuristic indicates a call-to-action, reinforcing the lure to click these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8405

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low; ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL info (ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.