Malicious PDF — malware analysis report

Static analysis result for SHA-256 928c7b8264a468aa…

MALICIOUS

PDF

34.2 KB
Created: 2020-01-17 19:19:12 +03:00
Authoring application: Microsoft® Word 2010 (via Acrobat Distiller 11.0 (Windows))
MD5: 4cbefc7c6909bf6a633d9fb5eb8cc73e
SHA-1: 62d5df16651382ea20bccdc81b00fcd9bc525a82
SHA-256: 928c7b8264a468aa1e889be081ee54bd724e652ef2d5a84d0e02b33de7d42d8c
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or a distribution mechanism for further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8261

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.