Malicious PDF — malware analysis report

Static analysis result for SHA-256 6821cd3f8fbe79c2…

MALICIOUS

PDF

47.5 KB
Created: 2018-11-26 20:03:19 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via iText 2.1.7 by 1T3XT)
MD5: 1d7d1c6148184a32a43035e705f66702
SHA-1: f349b232a47d34f7eed4ee3cf95ca7d2272a90f5
SHA-256: 6821cd3f8fbe79c249f6ec940216311e1b65a900c7df88c01cda2026af0678a9
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated, preventing a clear understanding of its specific lure, but the sheer volume of links suggests a tactic to manipulate search engine results or distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8868

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.