Malicious PDF — malware analysis report

Static analysis result for SHA-256 79d1c506eedbe0b7…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2019-03-18 07:47:21 +03:00
Authoring application: Adobe PageMaker 6.52 (via Acrobat Distiller 3.01 for Windows)
MD5: 56c8ca575c652d901e23a36f71473607
SHA-1: 5d98f283d2454690ced962effb75581803a45baf
SHA-256: 79d1c506eedbe0b753214e66addc68cfd7266d3d2fcf19d33c491fd479b0f694
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs likely serve as a link farm to distribute traffic or host malicious content, although no specific payload delivery mechanism was identified within the document body or scripts.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.