Malicious PDF — malware analysis report

Static analysis result for SHA-256 8f13d2de9f3f7072…

MALICIOUS

PDF

  • Size: 32.6 KB
  • Created: 2019-09-02 22:00:20 +03:00
  • Authoring application: doPDF Ver 7.3 Build 391 (Windows 7 Home Premium Edition (SP 1) - Version: 6.1.7601 (x64))
  • MD5: 6683ce71227f3e4278e1543c3553b482
  • SHA-1: cd07bd8e71612c4f906b0f4237805cfb63c67cc0
  • SHA-256: 8f13d2de9f3f7072a9353a7bb922bdf4ecba11baaed2b9fec9a20de4e2563b53
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious PDF

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of embedded external links, suggesting a link farm or SEO manipulation tactic. The document body appears to be malformed or heavily obfuscated, preventing a clear understanding of its direct user-facing purpose beyond the embedded links.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.