Malicious PDF — malware analysis report

Static analysis result for SHA-256 bc05fd802ddfe87d…

Verdict: MALICIOUS

File type: PDF

Size: 33.4 KB
Created: 2020-01-26 18:44:02 +03:00
Authoring application: DVIPSONE 2.2.4 http://www.YandY.com (via Acrobat Distiller 7.0.5 (Windows))
MD5: 6869df61ea94d90f5cdc3f340406d810
SHA-1: 4ce4f2b09886fba85217dc926f8c4754930fdb71
SHA-256: bc05fd802ddfe87d7444a263e6bbe071b01218871b0282e1b89c9431792e6d2a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF carries a large number of clickable link annotations to external PDF files, all on a single host (www.gorillawalker.com), which triggered the PDF_SEO_LINK_FARM heuristic; the ML_NYX_PDF_MALICIOUS classifier also scored the document as malicious. The document body is heavily obfuscated and offers no clear textual lure, but the volume and uniformity of the links match a generated SEO/link-farm carrier rather than a genuine document: such files are used to manipulate search rankings and to route readers into further malware or unwanted-software delivery. The remaining extracted URLs are XMP/RDF namespace identifiers and the authoring tool's homepage taken from the metadata stream, not clickable links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-poetry-of-kabbalah-mystical-verse-from-the-jewish-tradition.pdf
    • http://www.gorillawalker.com/secret-garden-just-right-monthly-planner-calendar-2016.pdf
    • http://www.gorillawalker.com/johnny-the-homicidal-maniac-director-s-cut.pdf
    • http://www.gorillawalker.com/low-back-pain-stiff-neck-care-exercise-it-yourself-2010.pdf
    • http://www.gorillawalker.com/sushi-easy-recipes-for-making-sushi-at-home.pdf
    • http://www.gorillawalker.com/biological-aspects-of-disease.pdf
    • http://www.gorillawalker.com/twinkie-deconstructed-my-journey-to-discover-how-the-ingredients-found.pdf
    • http://www.gorillawalker.com/radar-absorbing-materials-from-theory-to-design-and-characterization.pdf
    • http://www.gorillawalker.com/black-corps-d-elite-an-egyptian-sudanese-conscript-battalion-with.pdf
    • http://www.gorillawalker.com/accountability-not-ownership-labour-and-the-nhs-fabian-discussion-papers.pdf
    • http://www.gorillawalker.com/case-briefs-contracts-burton-4th-edition-case-briefs-by-rom.pdf
    • http://www.gorillawalker.com/a-boy-in-10-000-bc-kindle-edition.pdf
    • http://www.gorillawalker.com/shadows-on-the-stars-the-great-tree-of-avalon-book.pdf
    • http://www.gorillawalker.com/noise-in-solid-state-devices-and-circuits.pdf
    • http://www.gorillawalker.com/flynn-first-and-bush-s-antitrust-statutes-treaties-regulations-guidelines.pdf
    • http://www.gorillawalker.com/polymers-for-high-technology-electronics-and-photonics-acs-symposium-series.pdf
    • http://www.gorillawalker.com/how-to-paint-citadel-miniatures-chinese-edition.pdf
    • http://www.gorillawalker.com/the-elements-of-social-scientific-thinking.pdf
    • http://www.gorillawalker.com/prentice-hall-mathematics-course-3.pdf
    • http://www.gorillawalker.com/the-message-of-the-rosary-part-3-the-glorious-mysteries.pdf
    • http://www.gorillawalker.com/cunningham-s-text-book-of-anatomy-vol-i-human-embryology.pdf
    • http://www.gorillawalker.com/clinical-manual-for-nursing-assistants.pdf
    • http://www.gorillawalker.com/the-life-and-voyages-of-christopher-columbus-a-tour-of.pdf
    • http://www.gorillawalker.com/auditory-and-visual-sensations.pdf
    • http://www.gorillawalker.com/two-roads-to-badgers-hockey-heaven.pdf
    • http://www.gorillawalker.com/the-artscroll-youth-megillah-fully-illustrated-with-the-complete-text.pdf
    • http://www.gorillawalker.com/labelings-of-discrete-structures-and-its-applications.pdf
    • http://www.gorillawalker.com/mastering-phpmyadmin-3-4-for-effective-mysql-management-kindle-edition.pdf
    • http://www.gorillawalker.com/outsource-competing-in-the-global-productivity-race.pdf
    • http://www.gorillawalker.com/heartsinger.pdf
    • http://www.gorillawalker.com/introduction-to-biomedical-engineering-2nd-edition.pdf
    • http://www.gorillawalker.com/dividend-policy-its-impact-on-firm-value.pdf
    • http://www.gorillawalker.com/dynamics-and-skills-of-group-counseling-sw-393r-26-theories.pdf
    • http://www.gorillawalker.com/i-hate-reading-how-to-get-through-20-minutes-of.pdf
    • http://www.gorillawalker.com/the-bible-a-history-the-making-and-impact-of-the.pdf
    • http://www.gorillawalker.com/how-to-teach-online-and-make-100k-a-year.pdf
    • http://www.gorillawalker.com/calvina-el-barco-de-vapor-serie-roja-the-steamboat-red.pdf
    • http://www.gorillawalker.com/india-in-a-globalising-world-some-aspects-of-macroeconomy-agriculture.pdf
    • http://www.gorillawalker.com/postcards-from-mars-the-first-photographer-on-the-red-planet.pdf
    • http://www.gorillawalker.com/don-t-even-think-about-it-why-our-brains-are.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://www.YandY.com
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
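As an added example that is not part of this report or of the vendor's detection engine, the block below implements the two checks described under the heuristics above: labelling each extracted URL with the channel that reached it (only /Link annotations are user-clickable; XMP namespace URIs and producer URLs are not), and a PDF_SEO_LINK_FARM-style test (small file, many clickable external .pdf links, mostly clustered on one host). It runs over a constructed in-memory PDF, so the host names, the helper names and the thresholds (200 KB, 20 links, 80 % on one host) are assumptions, not the vendor's tuned values.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Thresholds are illustrative assumptions, not the vendor's tuned values.
MAX_SIZE_BYTES = 200 * 1024   # what counts as a "small" PDF
MIN_PDF_LINKS = 20            # what counts as "many" clickable external .pdf links
MIN_CLUSTER_RATIO = 0.8       # share of those links that sit on the single top host

# A /Link annotation with a URI action whose target is a literal string.
# Limitation: hex strings (/URI <...>), escaped parentheses and annotations packed
# inside compressed object streams need a real PDF parser (e.g. pypdf) instead.
LINK_URI_RE = re.compile(
    rb"/Subtype\s*/Link.*?/A\s*<<.*?/S\s*/URI.*?/URI\s*\(([^)]*)\)", re.DOTALL
)
# Any URL-looking token anywhere in the file (XMP namespaces, producer URLs, ...).
ANY_URL_RE = re.compile(rb"https?://[^\s<>\"'()]+")


def build_sample_pdf(n_links, hosts=("www.example-linkfarm.test",)):
    """Constructed sample (not the analysed file): a minimal uncompressed PDF with
    n_links /Link annotations spread round-robin over `hosts`, plus an XMP
    metadata stream whose xmlns URIs are not clickable."""
    annots = [
        "<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        f"/A << /S /URI /URI (http://{hosts[i % len(hosts)]}/book-{i}.pdf) >> >>"
        for i in range(n_links)
    ]
    annots_str = " ".join(annots)
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/"/></x:xmpmeta>')
    body = (
        "%PDF-1.4\n"
        "1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n"
        "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        "3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        f"/Annots [{annots_str}] >> endobj\n"
        f"4 0 obj << /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
        f"stream\n{xmp}\nendstream endobj\n"
        "trailer << /Root 1 0 R >>\n%%EOF\n"
    )
    return body.encode("latin-1")


def classify_urls(pdf):
    """Map every distinct extracted URL to the channel that reached it. Only the
    link-annotation channel is user-clickable; everything else is body/metadata."""
    links = {m.group(1).decode("latin-1") for m in LINK_URI_RE.finditer(pdf)}
    channels = {}
    for m in ANY_URL_RE.finditer(pdf):
        url = m.group(0).decode("latin-1")
        channels[url] = "link_annotation" if url in links else "body/metadata"
    return channels


def link_farm_verdict(pdf):
    """PDF_SEO_LINK_FARM-style test: small file, many distinct clickable external
    .pdf links, mostly clustered on one host. Returns the evidence with the verdict."""
    clickable = [u for u, ch in classify_urls(pdf).items() if ch == "link_annotation"]
    pdf_links = [u for u in clickable if urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    ratio = top_count / len(pdf_links) if pdf_links else 0.0
    flagged = (len(pdf) <= MAX_SIZE_BYTES
               and len(pdf_links) >= MIN_PDF_LINKS
               and ratio >= MIN_CLUSTER_RATIO)
    return {"size": len(pdf), "pdf_link_count": len(pdf_links),
            "top_host": top_host, "cluster_ratio": ratio, "flagged": flagged}


if __name__ == "__main__":
    cases = ((40, ("www.example-linkfarm.test",)),            # one-host farm: flagged
             (40, tuple(f"site{i}.test" for i in range(4))),  # spread over hosts: not
             (3, ("www.example-linkfarm.test",)))             # too few links: not
    for n, hosts in cases:
        print(n, "links over", len(hosts), "host(s):",
              link_farm_verdict(build_sample_pdf(n, hosts)))
```

Applied to the figures in this report (33.4 KB, 40 distinct .pdf links, every one on www.gorillawalker.com) the same test would trip on all three conditions, while the ten namespace and producer URLs from the metadata stream stay labelled body/metadata and never count toward the link total. For real samples replace the regex extraction with a proper PDF parser, since link annotations are routinely stored in compressed object streams that a byte scan cannot see.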