Malicious PDF — malware analysis report

Static analysis result for SHA-256 96c0f3c640b3943c…

MALICIOUS

PDF

Size: 34.3 KB
Created: 2020-02-08 18:25:27 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 32534480de35bd795a7f7ebd2ab231f0
SHA-1: 79ff3b7db7e9b81e21a5adfed1774e62d07a2335
SHA-256: 96c0f3c640b3943c290bf2e54174b7cb49fdadbe4d47f4351a58640207339a21
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF documents on the same domain. This suggests a link farm or SEO manipulation tactic. The document body content is heavily obfuscated and does not provide further clues.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.