Malicious PDF — malware analysis report

Static analysis result for SHA-256 a92c379ff936f0ca…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2020-01-17 19:19:02 +03:00
Authoring application: Adobe InDesign CS5 (7.0) (via Adobe PDF Library 9.9)
MD5: cb1c5ed7908ab75c7b244299e410fe1a
SHA-1: 6139803b8eba43d35f538cf8fe97c7585db3e603
SHA-256: a92c379ff936f0ca0118217c0666ff69f76524cef30226cab58e726e86ca848a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged for containing a large number of external links, specifically 32, pointing to a single domain. This behavior is indicative of a link farm or a distribution mechanism for other malicious content. The ML classifier also provided a high confidence score for maliciousness. No scripts were extracted, and the document body was not readable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.