Malicious PDF — malware analysis report

Static analysis result for SHA-256 6fea6e6c8be14c71…

MALICIOUS

PDF

34.1 KB
Created: 2019-05-24 00:41:35 +03:00
Authoring application: Documill Publishor 6.3.9.1 by Documill (http://www.documill.com/) (via iText 2.1.6 by 1T3XT)
MD5: 5c926207f0d33688fef69227efbe5b67
SHA-1: 1aa0d631c235614515d4cdc86d33098d4b968584
SHA-256: 6fea6e6c8be14c71662233f962ed4d479b91aee8bce935aa62d4f38b1092b4e4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. These links point to various PDF documents hosted on the same domain, suggesting a link farm or a method to distribute further content. No scripts were extracted, and the document body was truncated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.