Malicious PDF — malware analysis report

Static analysis result for SHA-256 6a717e9a5f41044a…

MALICIOUS

PDF

  • Size: 41.4 KB
  • Created: 2019-01-06 08:13:09 +03:00
  • Authoring application: -
  • MD5: f8fa8ab93d4e0274473e90955952bc5e
  • SHA-1: ae138edafd01b2275c532df86c6fb9f18b521356
  • SHA-256: 6a717e9a5f41044a6f6f6a2d16581af7d24a6e841ee6e6df88a23815b337aefa
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document was flagged by an ML classifier and contains a large number of embedded external links, suggesting a link farm or SEO manipulation tactic. While no scripts were extracted, the sheer volume of links to other PDFs indicates a potential distribution or redirection mechanism. The primary attack pattern observed is the embedding of numerous external URLs within the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.