Malicious PDF — malware analysis report

Static analysis result for SHA-256 66e80f309250fbda…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2019-11-23 19:52:19 +03:00
Authoring application: - (via Adobe Acrobat 10.0 Paper Capture Plug-in)
MD5: 3fad5a33c774aab2ee48989e4b6b1ad7
SHA-1: 19412821c5521d669a4d28ba2ead585cbbbdcaa3
SHA-256: 66e80f309250fbdacec33e649864ac95882171003ba2b643026cbe8b2f6bc3b2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm, likely intended to drive traffic or distribute further payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.