Malicious PDF — malware analysis report

Static analysis result for SHA-256 a683c20bfa330f92…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2018-12-14 20:05:17 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 46d46063d03771b3c07cea9d8c54b4e8
SHA-1: 48413434bd11fdeee19f728b2e0ae00f9a2d2cb0
SHA-256: a683c20bfa330f928004b17f6781f92a854680fee65f86e0b9c694b041249106
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs likely serve as a link farm to direct users to potentially malicious content or phishing sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.