Malicious PDF — malware analysis report

Static analysis result for SHA-256 736bfa1e67b16cbe…

Verdict: MALICIOUS
File type: PDF
Size: 33.9 KB
Created: 2019-12-11 22:49:39 +03:00
Authoring application: FineReader (via -)
MD5: 260f8a46e1bab461827178232e8c4e10
SHA-1: 4463ee952c5c1d43b590c789b39760c7accebb14
SHA-256: 736bfa1e67b16cbe3f560f24972299462a3c0e82328056dd28d9fc689771f6be
Risk score: 92

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded external links, identified as a PDF_SEO_LINK_FARM heuristic. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine rankings or to serve as a distribution point for further malicious content. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8261

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.