Malicious PDF — malware analysis report

Static analysis result for SHA-256 b635405ec2d85b0c…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2018-12-15 20:09:43 +03:00
Authoring application: - (via ABBYY FineReader 9.0 Sprint)
MD5: 885c835c0bed4f803c8ee616ba628f5d
SHA-1: 3dc6e914148b49ab67eb05e9f4524783bc3558eb
SHA-256: b635405ec2d85b0cdba6b5955f40671f4fe02f5877c7476bea397cb20b8c240f
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links identified. The ML classifier also assigned a high probability of maliciousness. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of outbound links suggests malicious intent, possibly SEO manipulation or distribution of further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.