Malicious PDF — malware analysis report

Static analysis result for SHA-256 c6eccc91d7d5ff9a…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2019-03-17 08:36:57 +03:00
Authoring application: AdobePS5.dll Version 5.0.1 (via Acrobat Distiller 4.0 for Windows)
MD5: cecf54fb0db54db7b3097d4d4487f7c7
SHA-1: 4eca4183653776a9b1d5c6795a0f419ff50a9ce4
SHA-256: c6eccc91d7d5ff9a6dbaf8719b3ed9fb7127f83b0d219ec37ab373a66297daf7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be directing users to a vast array of URLs, likely for SEO poisoning or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.