Malicious PDF — malware analysis report

Static analysis result for SHA-256 c63d481e3403eb1d…

MALICIOUS

PDF

Size: 46.8 KB
Created: 2018-11-23 08:00:41 +03:00
Authoring application: QuarkXPress(R) 9.54
MD5: 76938a8a9d648f8ad6d6df5e51832988
SHA-1: 7307f8493e6d62b371b19c917a06c28c66fff6fb
SHA-256: c63d481e3403eb1d41c152bf9949740c7438678ade66ce5a72c64da0f071db5f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO manipulation or link farm tactic. The primary heuristic indicates a mass external PDF link farm, with 32 links found. The document body appears to be malformed or truncated, providing no additional context for the document's purpose.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8509

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.