Malicious PDF — malware analysis report

Static analysis result for SHA-256 67e5e3543ac90209…

Verdict: MALICIOUS
File type: PDF
Size: 35.7 KB
Created: 2019-12-14 07:10:10 +03:00
Authoring application: Adobe Illustrator CS3 (via Adobe PDF library 8.00)
MD5: f4ac1b9dfb7eaa82f818c88919edaf59
SHA-1: 2c47a7e7cd3292bf20d041a12a99ed5d5b36593c
SHA-256: 67e5e3543ac90209c072fcead24aa2dbdcee76266546ee339c7def99e47c35e2
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on the same domain, suggesting a link farm or SEO manipulation tactic. The ML classifier also flagged the document as malicious. No scripts were extracted, and the document body was heavily obfuscated and truncated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8021

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.