Malicious PDF — malware analysis report

Static analysis result for SHA-256 a06771c48b807ea4…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2019-02-14 08:25:33 +03:00
Authoring application: PrimoPDF http://www.primopdf.com (via Nitro PDF PrimoPDF)
MD5: 8d769285dd1e945dbe4ed76ee322610e
SHA-1: 3a7a04f2b6f5e14a34fcc2bb9d6b73f5c70de614
SHA-256: a06771c48b807ea4d2c21730b6f0aca9d314ff80c581cd147ab9d536f142ae12
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute malicious content. The document body is heavily obfuscated and does not provide clear user-facing text, suggesting its primary purpose is not informational. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.