Malicious PDF — malware analysis report

Static analysis result for SHA-256 6f57d8a613fec159…

MALICIOUS

PDF

File size: 42.0 KB
Created: 2018-11-15 18:31:51 +03:00
Authoring application: PDF CoDe 2015.5473 (c) 2002-2015 European Commission
MD5: 27ea2ea2b8fee9f2f0e4f0e4d17906ce
SHA-1: b8d551e1ab04995e227b2e396d8072dbbc39f09c
SHA-256: 6f57d8a613fec159c579d20d6491a611b3f3930346b00eaffa81f6481c509910
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs suggest an attempt to drive traffic to a specific domain, potentially for SEO manipulation or to distribute further malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.