Malicious PDF — malware analysis report

Static analysis result for SHA-256 d06cc1b3354763ed…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2019-05-05 01:33:35 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: 1672dd63da1301784ef7ff75a0cda345
SHA-1: 2c5842610bc460326cc5b2a8a866d52eade81aba
SHA-256: d06cc1b3354763ed8a076e48497be130551cb3d4fdc67851663a12e611911f8f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs are likely intended to direct users to malicious or SEO-manipulated content, rather than providing legitimate document information.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.