Malicious PDF — malware analysis report

Static analysis result for SHA-256 69b6052bcf215d18…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2019-03-17 11:20:14 +03:00
Authoring application: - (via ABBYY FineReader 11)
MD5: f6631ce682b4c9072b2b2e7fdfb152e1
SHA-1: fcacd518f5ad58965bd329c8f0b88a316b94a357
SHA-256: 69b6052bcf215d18c0711579e6672ac71633ce2abfeb874add235d9a8aab92ee
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded URLs, indicating a potential link farm or distribution mechanism. The primary heuristic identified a mass of external PDF links, suggesting an SEO manipulation or content distribution tactic. While no scripts were extracted, the sheer volume of links points to malicious intent, likely related to initial access via spearphishing.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.