Malicious PDF — malware analysis report

Static analysis result for SHA-256 b5c3de2784fb1373…

MALICIOUS

PDF

Size: 33.3 KB
Created: 2019-12-14 10:40:08 +03:00
Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: ce2c671d5b395fa1d1d047d7240f4c40
SHA-1: c1649bf44c6f4e6173e66136670b44e24ba0ea83
SHA-256: b5c3de2784fb1373934154b82216569fad80cad49ba9c83dfb96f4169a855355
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary goal appears to be directing users to a website that hosts numerous PDF documents, potentially for malicious redirection or SEO spam.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8313

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.