Malicious PDF — malware analysis report

Static analysis result for SHA-256 be17fa179424383b…

MALICIOUS

PDF

  • Size: 30.9 KB
  • Created: 2020-01-17 19:19:35 +03:00
  • Authoring application: Acrobat PDFMaker 10.0 for Word (via Adobe PDF Library 10.0)
  • MD5: 188d66e30fd4980974494ac11176e0fc
  • SHA-1: d4ef3769bf4fed0e39ad5b4a902d79a59e53987d
  • SHA-256: be17fa179424383ba4e3c7dcc19282c7bc045d40990437520b3dcbdb5c700cfb
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests a link-farming or redirection attempt, likely to distribute further malicious content or engage in SEO abuse.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8405

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.