Malicious PDF — malware analysis report

Static analysis result for SHA-256 97a22ab439fa8e8d…

MALICIOUS

PDF

32.3 KB
Created: 2020-01-17 19:19:41 +03:00
Authoring application: Acrobat PDFMaker 9.0 for Word (via Acrobat Distiller 9.0.0 (Windows))
MD5: 5427912946aa5fb3087f83548cd9d9f8
SHA-1: 33e12835250b503426e27d6b2351fa653a084cf8
SHA-256: 97a22ab439fa8e8d526e32b286c42342ba491e829ef9dd16aa2fda719ffd5f3a
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a significant number of embedded URLs pointing to external documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO spam or distribution of further malware. The document body was unreadable, which limited further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.