Malicious PDF — malware analysis report

Static analysis result for SHA-256 77e9cb79b72a2619…

MALICIOUS

PDF

Size: 35.2 KB
Created: 2019-12-13 06:42:06 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via 3-Heights(TM) PDF Optimization Shell 4.6.23.0 (http://www.pdf-tools.com))
MD5: 4429e2a52b03c16c43894a04f0cd3b97
SHA-1: 818b352929f78ab70e2002c8db02b6be06cb2621
SHA-256: 77e9cb79b72a26196d3cacbedd2162406b246550d05894877745253160b21675
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, triggering a critical heuristic for a link farm. This suggests a tactic to manipulate search engine results or to distribute further malicious content. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8477

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.