Malicious PDF — malware analysis report

Static analysis result for SHA-256 93d20d2113f5f3d5…

MALICIOUS

PDF

Size: 46.0 KB
Created: 2019-04-06 12:02:49 +03:00
Authoring application: Word 10.0 (via AFPL Ghostscript 8.13)
MD5: 01202673ef19b9cb0bbb591be34e7028
SHA-1: 27ae6ed6a850c7b72fe03f5f96984531fd1fd9fe
SHA-256: 93d20d2113f5f3d58b160121a29166be32f7e963f0b104f58d992ad7d9c615ba
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.