Malicious PDF — malware analysis report

Static analysis result for SHA-256 cc5f69e917676123…

MALICIOUS

PDF

  • Size: 44.6 KB
  • Created: 2018-11-23 20:58:40 +03:00
  • Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
  • MD5: 198ea83f916014f55e6be5a765c24d27
  • SHA-1: 571a97eb106fa4c554b9317f6729069f307c5ccc
  • SHA-256: cc5f69e9176761231e82f3c7be30e36d0230827aa3432cf0ca4835518e0753af
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated and unreadable, the presence of 32 external links suggests malicious intent, likely SEO manipulation or redirection of users to potentially harmful websites. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.