Malicious PDF — malware analysis report

Static analysis result for SHA-256 934974172ec35dd2…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2020-02-21 02:03:20 +03:00
Authoring application: (Infix Pro) (via PDFKit.NET 3.0.58.0)

MD5: 9be1868fabb1f9a3091e35ce053a9c60
SHA-1: 8e4c23f3f9b125918c77208d7d60995a4672b0d4
SHA-256: 934974172ec35dd234f6230d4621cf49d9a5415fa103f5293db9753a5246d1e9

Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or a method to distribute malicious content. While no scripts were extracted, the sheer volume of links to PDF files on a single domain indicates a coordinated effort to manipulate search engine results or to serve potentially harmful documents. The ML classifier also indicated a high probability of maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.