Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba5176568ead6454…

MALICIOUS

PDF

  • Size: 46.4 KB
  • Created: 2019-03-16 12:35:44 +03:00
  • Authoring application: QuarkXPress(R) 9.54
  • MD5: 7a58bee9ba61a1ead6f3c0b926c74c96
  • SHA-1: 0fc1289549e6bcd1e2405ab90c726947667c824d
  • SHA-256: ba5176568ead6454727b559977c9b59db5b6893b0eb93af170f13464c4516624
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary function appears to be directing users to a link farm, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.