Malicious PDF — malware analysis report

Static analysis result for SHA-256 6c02e8f5a964170c…

MALICIOUS

PDF

43.3 KB
Created: 2018-12-15 08:11:21 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: fc3dbfc9f6d71766f57a3ae77f54f745
SHA-1: 60e6c00e2bd3b786906ea6be0c959c7646f29ef2
SHA-256: 6c02e8f5a964170ccbd3bca2e1fa3938965e2fbb174024736a5a602e6b148f29
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, suggesting a link farm or content distribution tactic. The presence of these links, combined with the file's malicious verdict, indicates a likely attempt to lure users to external resources, potentially for phishing or malware distribution. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.