Malicious PDF — malware analysis report

Static analysis result for SHA-256 9bc101c046fa24b5…

MALICIOUS

PDF

Size: 32.1 KB
Created: 2020-01-17 19:19:13 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 5.0 (Windows))
MD5: cb266dad626e2ac94d3836e52cc69195
SHA-1: f6b795676fba1166b0d40a6a9492c6501849211f
SHA-256: 9bc101c046fa24b5e86bc902d95b6bba3a7df4173cefb44b85bdbb147e7a471a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or a method to distribute further malicious content. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of embedded URLs points toward malicious intent, likely related to SEO manipulation or hosting malicious documents. The document body was unreadable, preventing further analysis of its specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.