Malicious PDF — malware analysis report

Static analysis result for SHA-256 bd4be630d43424c8…

MALICIOUS

PDF

File size: 34.2 KB
Created: 2019-12-13 16:10:34 +03:00
Authoring application: Writer (via OpenOffice.org 2.0)
MD5: 11a8611e0d636856372771622110ae3c
SHA-1: e511685e1e980d5ec7f62872b555e7c1e703cdd8
SHA-256: bd4be630d43424c8765ce9127f4a348b918897a6ea963417f4d6ba79a5eaaf08
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links likely serve as a lure to direct users to download further malicious content, potentially leading to malware infection. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8313

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.