Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d4ca52ba5dbb736…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2019-01-06 08:24:28 +03:00
Authoring application: Documill Publishor 6.3.9.1 by Documill (http://www.documill.com/) (via iText 2.1.6 by 1T3XT)
MD5: 9a81b66a5f8650ee150c35ca60c55df0
SHA-1: 3d415ddcf46ee8f694e006044c51b3c17690cbcf
SHA-256: 6d4ca52ba5dbb736c780d00d3a823f85a123ca8ab103fa97720621501da89b7f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a significant number of embedded URLs. The heuristic 'PDF_SEO_LINK_FARM' indicates that these links are likely part of a link farm strategy, aiming to boost search engine optimization for the linked content. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of its specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8451

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.