Malicious PDF — malware analysis report

Static analysis result for SHA-256 79625f588e67e6ee…

MALICIOUS

PDF

Size: 35.5 KB
Created: 2020-01-10 17:21:13 +03:00
Authoring application: doPDF Ver 7.2 Build 376 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: c09a0632c99be71bdb0a3b99998af8d3
SHA-1: 84fc6243c58d32ed4fc457402f809399f28f9c24
SHA-256: 79625f588e67e6eef47e9bb02ce14375486a8a90af4d063ea70fcac107796e21
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

A machine learning classifier flagged the PDF file as malicious. A critical heuristic identified a large number of embedded external links, suggesting a link farm or distribution mechanism. The document body is heavily obfuscated, which prevents a clear understanding of its direct purpose, but the link farm strongly indicates malicious intent, likely to redirect users to harmful websites or to download further malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.