Malicious PDF — malware analysis report

Static analysis result for SHA-256 9c8c104a3d790b8d…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2020-01-17 19:20:53 +03:00
Authoring application: Microsoft Word 8.0 (via Acrobat Distiller 4.0 for Windows)
MD5: ec9db51d3fa68cd6837c2f754d5408f7
SHA-1: f5ec4a0b84d7bbf036f9db022b8d19e3632a0a4d
SHA-256: 9c8c104a3d790b8d399c64e03fb7a496f278412d9fcdb8e3afd9ac3514a64d9b
Risk Score: 98

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or redirection tactic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. While no scripts were extracted, the presence of numerous links and a visual download button lure indicates an attempt to direct the user to malicious content hosted externally.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.