Malicious PDF — malware analysis report

Static analysis result for SHA-256 95630559b17ed121…

MALICIOUS

PDF

Size: 31.9 KB
Created: 2019-11-23 19:48:31 +03:00
Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 11a6cfc9ffff36279aa4f55292409a10
SHA-1: 7944647f74151985bd41a435ba2904373259ebfb
SHA-256: 95630559b17ed121ae00ea9fb1dbb4c597925e916d15b9ec94e91b1c3105b2bb
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly SEO spam or distribution of further malware. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.5349

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.