Malicious PDF — malware analysis report

Static analysis result for SHA-256 6b837eb9ed550ea8…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2019-04-04 20:53:38 +03:00
Authoring application: dvipsk 5.58f Copyright 1986, 1994 Radical Eye Software (via Acrobat Distiller 3.0 f r Macintosh)
MD5: 035cb31ac53c73aa8e4261f60b84626f
SHA-1: 3026b7bce1cc38e43b710dd21f3ced836c5af527
SHA-256: 6b837eb9ed550ea8adcf7369f160d52c416648148870bc79068411cf4aea79e8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs likely serve either to direct users to malicious websites or to support SEO spam, a common tactic for distributing malware or phishing content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.