Malicious PDF — malware analysis report

Static analysis result for SHA-256 af6eea28ce66212d…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2019-03-16 12:58:43 +03:00
Authoring application: - (via Acrobat Distiller 5.0 (Windows))
MD5: 64b9d44ac34cb6cf2bdde0ec8b27ae11
SHA-1: 97f29baadd578ab0ae584624344a36e29c1130c2
SHA-256: af6eea28ce66212df96c00be27f15f01b48fa02e6b7044bd335380cd5aafe137
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs point to various book titles, suggesting a potential lure or SEO spamming technique. No scripts were extracted, and the document body was heavily obfuscated and truncated, limiting further analysis of the specific user-facing content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.