Malicious PDF — malware analysis report

Static analysis result for SHA-256 6f9d741a6a650453…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2019-04-09 05:13:40 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0 (Windows))
MD5: 2f5c6bf444f0f1503fee029460f31a1a
SHA-1: 4133bb174d50e5870b9c8951501926b0d16a493b
SHA-256: 6f9d741a6a650453326d6b64f6e43e0de23db0b32f51802b5096f004786dedde
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on the same domain, suggesting a link farm or content distribution strategy. The ML classifier also flagged the document as malicious. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.