Malicious PDF — malware analysis report

Static analysis result for SHA-256 843b60ea6cbb5696…

MALICIOUS

PDF

Size: 37.2 KB
Created: 2020-02-21 02:12:57 +03:00
Authoring application: - (via Acrobat Distiller 7.0.5 (Windows))
MD5: 33dddae75c86c3a105ec2abb1a7fbe00
SHA-1: de0a9cd761f9f61d6ae6811909ec1cfd52809adc
SHA-256: 843b60ea6cbb5696dbfae8be492c19d97b7ebc889383f3c3b35ef23171760d6f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8196

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.