Malicious PDF — malware analysis report

Static analysis result for SHA-256 720f60aa983c9d3a…

MALICIOUS

PDF

File size: 41.5 KB
Created: 2018-11-15 18:31:36 +03:00
Authoring application: Acrobat PDFMaker 8.1 for Word (via Adobe Acrobat 8.2)
MD5: decee2c1d6abded692cc2cf2081e8fb0
SHA-1: 67618f74a30453c9dfc7e23ad5a4a41314e44ca3
SHA-256: 720f60aa983c9d3a9540d70d98b86a6509e3d85a3f834f10221439d9bb1ca69c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document's primary purpose is to act as a link farm, potentially for SEO manipulation or to distribute further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flags the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8856

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.