Malicious PDF — malware analysis report

Static analysis result for SHA-256 82693ae861a15a14…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2020-02-19 09:26:26 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: 04c512c236c3f97a65408b8992774dcb
SHA-1: cc0d0c507630cb06312a0431e245931f93afdca4
SHA-256: 82693ae861a15a14e5b213b33ff1470c308e77561c2b7773663d8915548e925c
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a website hosting numerous PDF documents, potentially for SEO manipulation or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.