Malicious PDF — malware analysis report

Static analysis result for SHA-256 92ba5258e6572270…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2019-04-09 01:13:55 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5.1) (via Adobe PDF Library 9.9)
First seen: 2021-06-28
MD5: 958954a2c2808f7fc2e06303dbab12fc
SHA-1: a2ddae368781a1075a25db45aee3a2573e09d50b
SHA-256: 92ba5258e657227016766539784311e8934e3d15d10d1b89a76ec9ac13895512
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. This suggests the document is designed to manipulate search engine rankings or to act as a gateway to a large collection of potentially malicious content. Although no scripts were extracted, the nature of the embedded links and the ML classifier's high confidence score point toward malicious intent, likely related to distributing further malware or phishing content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.