Malicious PDF — malware analysis report

Static analysis result for SHA-256 cfefff0329236382…

MALICIOUS

PDF

Size: 31.5 KB
Created: 2019-11-16 16:57:44 +03:00
Authoring application: Acrobat PDFMaker 10.1 для Word (via Adobe PDF Library 10.0)
First seen: 2020-12-25
MD5: 264f33860fd2901b62e1d8d622c9ee3f
SHA-1: d7efe71a261658509514e7dd4d33638daaaf3efe
SHA-256: cfefff03292363827c91197097cbc3c56ef71af5853517af70c221943e5cd11e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. While no scripts were extracted, the sheer volume of embedded URLs points towards a malicious intent to redirect users or influence search results. The ML classifier also indicated a high probability of maliciousness.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8447

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.