Malicious PDF — malware analysis report

Static analysis result for SHA-256 674e391e59b1d4ef…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-11-30 01:49:29 +03:00
Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
MD5: 51ad67709d3e0b3ce2ab7d6507ab9bbf
SHA-1: 389859fb0bba98973a3ca1d1dcae40006be5daf8
SHA-256: 674e391e59b1d4eff25126580c0a3bf320ae3fe592136dcd81f83b5f32926db4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine results or to distribute a payload via these linked documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.