Malicious PDF — malware analysis report

Static analysis result for SHA-256 6792b8dd199477c6…

MALICIOUS

PDF

Size: 41.0 KB
Created: 2018-11-23 21:03:45 +03:00
Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
MD5: a394b21f9bf50da2c2d914f2152358ad
SHA-1: eb0ab20a49517e62b4d9d7d863e13d064b6451b9
SHA-256: 6792b8dd199477c668506f4fb37ce4480d3dd737a33ece14de056a6b14e59298
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting an attempt to drive traffic or distribute further content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. Although no scripts were extracted, the numerous links and the ML classification indicate malicious intent, likely related to SEO spam or a phishing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low; ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.