Malicious PDF — malware analysis report

Static analysis result for SHA-256 679b77f86a75dbad…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2020-01-17 19:19:52 +03:00
Authoring application: Adobe InDesign CS5 (7.0) (via Acrobat Distiller 9.5.3 (Macintosh))
MD5: 6a7b659d3348c8ce0555a8cef45fe854
SHA-1: 209865be80cd388436a95bed71fb4579d943e1b5
SHA-256: 679b77f86a75dbadc62389c36f6b53585aa1e798f8953cb4d83cdfde2280fa1f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, suggesting a link farm or SEO poisoning attempt. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample, and the document body was heavily obfuscated, preventing a more detailed analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.