Malicious PDF — malware analysis report

Static analysis result for SHA-256 8efc31bcf59b4770…

MALICIOUS

PDF

42.7 KB
Created: 2019-03-17 10:24:37 +03:00
Authoring application: Microsoft® Word 2013
MD5: c25f5b09e17146f3d2e2fb6fc3c62628
SHA-1: d33bcb5306cb6a571f1a90a04740bc964e2a7494
SHA-256: 8efc31bcf59b47709f7b043389baa395fad631e337c4f20dc2b9473634bfd56f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged this file with high confidence. The embedded URLs point to a website that appears to host a link farm, suggesting a potential SEO manipulation or content distribution scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.