Malicious PDF — malware analysis report

Static analysis result for SHA-256 837206559fb22701…

MALICIOUS

PDF

43.5 KB Created: 2018-12-14 20:59:51 +03:00 Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.2 (Windows))
MD5: 6bcca0dd9051a470a5b884cd454fbd48 SHA-1: 84039db425a2ebebc81b137acba256e815083d33 SHA-256: 837206559fb227017517762560dd49b0ef3ba8e180e1729850b7473a11bb97b2
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a heuristic firing for a link farm, indicating the presence of numerous external links. The document body, though heavily obfuscated, contains embedded URLs pointing to a domain that hosts many PDF files. This suggests the primary purpose is to direct users to a large collection of external documents, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/losing-touch-with-nature-literature-and-the-new-science-in.pdf
    • http://www.gorillawalker.com/global-shift-mapping-the-changing-contours-of-the-world-economy.pdf
    • http://www.gorillawalker.com/visual-diagnosis-and-care-of-the-patient-with-special-needs.pdf
    • http://www.gorillawalker.com/the-idea-of-the-labyrinth-from-classical-antiquity-through-the.pdf
    • http://www.gorillawalker.com/old-macdonald-s-farm-and-other-classic-rhymes-with-over.pdf
    • http://www.gorillawalker.com/operations-rules-delivering-customer-value-through-flexible-operations-by-david.pdf
    • http://www.gorillawalker.com/make-your-move-from-restaurant-management-to-a-career-in.pdf
    • http://www.gorillawalker.com/microlight-pilot-s-handbook-8th-edition.pdf
    • http://www.gorillawalker.com/death-on-the-reik-warhammer-fantasy-roleplay-v-9.pdf
    • http://www.gorillawalker.com/clinical-neurophysiology.pdf
    • http://www.gorillawalker.com/matlock-bath.pdf
    • http://www.gorillawalker.com/testing-the-truth-suspended.pdf
    • http://www.gorillawalker.com/tease-trilogy-kindle-edition.pdf
    • http://www.gorillawalker.com/here-s-hoping-waltz-song-with-ukulele-arrangement.pdf
    • http://www.gorillawalker.com/the-best-169-law-schools-2016-edition-graduate-school-admissions.pdf
    • http://www.gorillawalker.com/favourite-irish-legends-best-loved-tales-from-ireland.pdf
    • http://www.gorillawalker.com/the-queer-encyclopedia-of-the-visual-arts.pdf
    • http://www.gorillawalker.com/claiming-her-warriors.pdf
    • http://www.gorillawalker.com/annales-annabac-2016-svt-tle-s-sp-cifique-sp-cialit.pdf
    • http://www.gorillawalker.com/mummymaze-tomb-treasures-maze-book.pdf
    • http://www.gorillawalker.com/ez-solutions-test-prep-series-math-review-applications-gmat-edition.pdf
    • http://www.gorillawalker.com/future-lovecraft.pdf
    • http://www.gorillawalker.com/new-tools-for-managing-heart-disease-cancer-and-arthritis.pdf
    • http://www.gorillawalker.com/taunton-s-kidspace-idea-book-creative-playrooms-clever-storage-ideas.pdf
    • http://www.gorillawalker.com/microsoft-sharepoint-2013-pocket-guide-other-sams.pdf
    • http://www.gorillawalker.com/album-f-r-die-jugend-op-68-erste-abteilung-for.pdf
    • http://www.gorillawalker.com/scientists-the-lives-and-works-of-150-scientists.pdf
    • http://www.gorillawalker.com/periodoncia-spanish-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/a-practical-guide-to-child-nutrition-3rd-edition.pdf
    • http://www.gorillawalker.com/studyguide-for-critical-care-transport-by-aaos-isbn-9781449642587.pdf
    • http://www.gorillawalker.com/colonel-john-pelham-lee-s-boy-artillerist.pdf
    • http://www.gorillawalker.com/alice-100-postcards-from-wonderland.pdf
    • http://www.gorillawalker.com/the-broons-wee-book-of-wit-and-wisdom.pdf
    • http://www.gorillawalker.com/insight-flexi-map-guernsey-insight-flexi-maps.pdf
    • http://www.gorillawalker.com/cassafire-kindle-edition.pdf
    • http://www.gorillawalker.com/human-behavior-and-the-social-environment-social-systems-theory-7th.pdf
    • http://www.gorillawalker.com/slutty-housewives-adult-picture-book-volume-5.pdf
    • http://www.gorillawalker.com/selected-bibliography-on-the-arab-gulf-oceanography-and-fisheries.pdf
    • http://www.gorillawalker.com/the-life-and-travels-of-john-bartram-from-lake-ontario.pdf
    • http://www.gorillawalker.com/it-s-our-turn-to-eat-the-story-of-a.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.