Malicious PDF — malware analysis report

Static analysis result for SHA-256 cf1a5ea599e69770…

MALICIOUS

PDF

46.6 KB
Created: 2018-12-15 08:11:18 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: 0126f03c02b984d6c08bf4be3035c69a
SHA-1: 6f889439b1dfc242f7dbaac9747b38efc165aa0f
SHA-256: cf1a5ea599e69770df93cc19c96e5ca8dc93b0f3f0866bbc8e2eeb064f04b976
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential link farm or distribution point for malicious content. The document body is heavily obfuscated and does not provide clear textual lures, but the presence of numerous PDF links suggests a tactic to lure users to external, potentially malicious, resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8883

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.