Malicious PDF — malware analysis report

Static analysis result for SHA-256 7369e3d83c21afb9…

Verdict: MALICIOUS
File type: PDF
Size: 35.2 KB
Created: 2020-03-13 01:10:28 +03:00
Authoring application: XSL Formatter V4.3 MR8 for Windows (via Acrobat Distiller 7.0.5 (Windows))
MD5: 33c06eb33e2f27d962b96781357256d2
SHA-1: 830b82cfc0641219230b49b8f127027325b84da5
SHA-256: 7369e3d83c21afb9b4ab56219c3e95a24c049ed79763644270c3c3c6a86e9e8a
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document carries a large number of clickable links to external PDF files, all on the single host www.gorillawalker.com, which triggered the PDF_SEO_LINK_FARM heuristic; the Nyx PDF classifier (ML_NYX_PDF_MALICIOUS) independently scored it as malicious. The link targets are dozens of unrelated book-style titles served from one host, the pattern of a generated SEO link-farm carrier used to route readers into malicious or unwanted-software delivery chains rather than a document citing genuine references. No JavaScript or other scripts were extracted, so the file itself has no active content; the risk lies in where the links lead, and the linked host should be treated as an indicator. The producer metadata (XSL Formatter, Acrobat Distiller 7.0.5) is attacker-controlled and should not be used for attribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, most of them clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the channel that carries each URL (macro, JavaScript, link annotation, document body, metadata, ...) determines whether a reader can actually reach it. In this sample the first 40 URLs below are clickable link targets (link annotations), all on the single host www.gorillawalker.com; the final nine (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF namespace identifiers from the document's metadata stream and are not navigable links.
    • http://www.gorillawalker.com/once-in-a-lifetime-the-harringtons.pdf
    • http://www.gorillawalker.com/land-of-the-firebird-the-beauty-of-old-russia.pdf
    • http://www.gorillawalker.com/knee-deep-in-claret-celebration-of-wine-and-scotland.pdf
    • http://www.gorillawalker.com/shadowrun-firingline.pdf
    • http://www.gorillawalker.com/golf-basics-a-pyramid-sport-paperback.pdf
    • http://www.gorillawalker.com/mortal-arts-a-lady-darby-mystery.pdf
    • http://www.gorillawalker.com/aleks-360-access-card-11-weeks-for-beginning-and-intermediate.pdf
    • http://www.gorillawalker.com/horse-tamer-s-bride-the.pdf
    • http://www.gorillawalker.com/davis-handbook-of-applied-hydraulics.pdf
    • http://www.gorillawalker.com/mashed-up-music-technology-and-the-rise-of-configurable-culture.pdf
    • http://www.gorillawalker.com/emergency-repair-shelter-for-the-ch47-helicopter.pdf
    • http://www.gorillawalker.com/straight-constructions-of-heterosexuality-in-the-cinema-suny-series-cultural.pdf
    • http://www.gorillawalker.com/fodor-s-pocket-madrid-2001-the-all-in-one-guide.pdf
    • http://www.gorillawalker.com/tertiary-gravels-of-the-sierra-nevada-california.pdf
    • http://www.gorillawalker.com/chrysalids-and-survival.pdf
    • http://www.gorillawalker.com/cry-the-beloved-country-cliffs-notes.pdf
    • http://www.gorillawalker.com/we-own-the-night-way-of-the-vampire-kindle-edition.pdf
    • http://www.gorillawalker.com/loveblood.pdf
    • http://www.gorillawalker.com/traveling-to-america-discover-the-top-3-places-you-must.pdf
    • http://www.gorillawalker.com/the-premature-menopause-book-when-the-change-of-life-comes.pdf
    • http://www.gorillawalker.com/homological-algebra-pms-19.pdf
    • http://www.gorillawalker.com/blood-type-a-food-beverage-and-supplemental-lists-kindle-edition.pdf
    • http://www.gorillawalker.com/supercritical-fluid-extraction-technology-applications-and-limitations-materials-science-and.pdf
    • http://www.gorillawalker.com/el-holandes-errante-y-otros-poemas-de-luis-angel-casas.pdf
    • http://www.gorillawalker.com/musculoskeletal-and-congenital-deformities-atlas-of-the-newborn-v-2.pdf
    • http://www.gorillawalker.com/bromine-elements.pdf
    • http://www.gorillawalker.com/soul-seekers-our-call-to-people-and-the-13-challenges.pdf
    • http://www.gorillawalker.com/jane-austen-classic-bbc-radio-full-cast-drama.pdf
    • http://www.gorillawalker.com/history-of-the-31st-canadian-infantry-battalion-c-e-f.pdf
    • http://www.gorillawalker.com/contemporary-class-piano-5th-edition.pdf
    • http://www.gorillawalker.com/tappan-s-handbook-of-massage-therapy-blending-art-with-science.pdf
    • http://www.gorillawalker.com/african-black-soap-how-to-make-it-a-complete-guide.pdf
    • http://www.gorillawalker.com/real-time-analytics-techniques-to-analyze-and-visualize-streaming-data.pdf
    • http://www.gorillawalker.com/atlas-de-rutas-firestone-argentina-sur-de-brasil-chile-paraguay.pdf
    • http://www.gorillawalker.com/california-rules-of-court-federal-district-courts-2011-ed-vol.pdf
    • http://www.gorillawalker.com/a-most-improper-boxed-set-kat-incorrigible-renegade-magic-stolen.pdf
    • http://www.gorillawalker.com/beverly-hills-90210-snide-episode-recaps-season-1.pdf
    • http://www.gorillawalker.com/patmos-speaks-today-understanding-the-new-testament.pdf
    • http://www.gorillawalker.com/modern-small-arms-illustrated-encyclopaedia-of-famous-military-firearms-from.pdf
    • http://www.gorillawalker.com/cowboys-reflections-of-a-black-cowboy.pdf
    XMP metadata namespace URIs (schema identifiers, not clickable links):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
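The two heuristics above (PDF_SEO_LINK_FARM and the per-channel reading of EMBEDDED_URL) can be reproduced in a few lines of Python. The following is an added example written for this page, not the analysis platform's own detection code: it constructs a small uncompressed PDF (placeholder hosts www.example.invalid and mirror.example.invalid stand in for the sample's real host) with one /Link annotation per URL and an XMP metadata stream, extracts the /URI link actions with a regex, separates them from XMP namespace URIs that a naive URL grep would also report, and applies assumed thresholds (at least 20 clickable .pdf links, file no larger than 256 KB, at least 80% of the links on one host). It only sees uncompressed objects with literal-string URIs; a real sample using object streams or FlateDecode must be decoded first with a proper parser such as pypdf or peepdf.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# /A << /S /URI /URI (...) >> link actions with a literal-string operand.
# Only uncompressed objects are visible; object streams / FlateDecode need a real parser.
URI_ACTION_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")
# Naive "any http(s) URL anywhere in the file" pass, as a generic EMBEDDED_URL extractor does.
ANY_URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")
# XMP namespace declarations inside the /Metadata stream: xmlns:prefix="uri".
XMLNS_RE = re.compile(rb'xmlns:\w+="([^"]+)"')


def build_pdf(link_uris, xmp_namespaces=()):
    """Construct a minimal uncompressed PDF: one page, one /Link annotation per URI,
    and an XMP /Metadata stream declaring the given (prefix, uri) namespaces."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>"]
    annot_refs = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(link_uris)))
    objs.append(b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
                + annot_refs + b"] >>")
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           + b" ".join(b'xmlns:%s="%s"' % (p.encode(), u.encode()) for p, u in xmp_namespaces)
           + b"></rdf:RDF></x:xmpmeta>")
    objs.append(b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp)
                + xmp + b"\nendstream")
    for uri in link_uris:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A << /S /URI /URI ("
                    + uri.encode() + b") >> >>")
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_at)
    return bytes(out)


def extract_link_uris(pdf_bytes):
    """URIs a reader reaches by clicking a /Link annotation: the channel that matters here."""
    return [m.group(1).decode("latin-1") for m in URI_ACTION_RE.finditer(pdf_bytes)]


def classify_embedded_urls(pdf_bytes):
    """Split every URL-looking string in the file by the channel that carries it."""
    links = set(extract_link_uris(pdf_bytes))
    urls = {m.group(0).decode("latin-1") for m in ANY_URL_RE.finditer(pdf_bytes)}
    xmlns = {m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(pdf_bytes)}
    return {
        "link_annotation": sorted(links),
        "xmp_namespace": sorted((urls & xmlns) - links),  # schema identifiers, not navigable
        "unclassified": sorted(urls - links - xmlns),
    }


def seo_link_farm(pdf_bytes, min_links=20, max_size=256 * 1024, host_share=0.8):
    """PDF_SEO_LINK_FARM-style check: small file, many clickable external .pdf links,
    most of them on one host. Thresholds are assumed, not the platform's real values."""
    pdf_links = [u for u in extract_link_uris(pdf_bytes)
                 if urlparse(u).scheme in ("http", "https")
                 and urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(pdf_links) if pdf_links else 0.0
    return {
        "size": len(pdf_bytes),
        "pdf_links": len(pdf_links),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "fired": len(pdf_bytes) <= max_size and len(pdf_links) >= min_links and share >= host_share,
    }


# Constructed samples with placeholder hosts; these are not the report's real URLs.
XMP_NS = [("rdf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#"),
          ("dc", "http://purl.org/dc/elements/1.1/")]
FARM_PDF = build_pdf(
    ["http://www.example.invalid/book-title-%02d.pdf" % i for i in range(40)]
    + ["http://mirror.example.invalid/a.pdf", "http://mirror.example.invalid/b.pdf"], XMP_NS)
BENIGN_PDF = build_pdf(
    ["https://www.example.invalid/paper.pdf", "https://doi.example.invalid/10.1000/xyz"], XMP_NS)

if __name__ == "__main__":
    for name, pdf in (("farm", FARM_PDF), ("benign", BENIGN_PDF)):
        print(name, seo_link_farm(pdf),
              {k: len(v) for k, v in classify_embedded_urls(pdf).items()})
```

The host-share test is what separates a link farm from a long bibliography: a genuine reference list also contains many .pdf links, but they spread across publishers, whereas a generated carrier points almost everything at one domain. Triage the top host, not the individual titles.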