Malicious PDF — malware analysis report

Static analysis result for SHA-256 b35900cc547cdd3b…

MALICIOUS

PDF

Size: 46.5 KB
Created: 2018-11-30 20:34:46 +03:00
Authoring application: PDFpen
MD5: cd33b88c2cf2782f83bfbfcf9ede4c55
SHA-1: b346032de50b20dfc9f51bb066db979d6d7ba2b2
SHA-256: b35900cc547cdd3b84b21231a992bcdc18e1f30a72ea0c3c735a500b8d4514f4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or redirection attack, aiming to drive traffic to numerous sites. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.