Malicious PDF — malware analysis report

Static analysis result for SHA-256 dbbf59514aec2cd1…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2019-01-06 08:17:13 +03:00
Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: d102ed2012af8c875dcf0e63c1f5b57b
SHA-1: 6be97de1d8e5fb9004e1638c9f4a84232e9a1437
SHA-256: dbbf59514aec2cd167566c214a680ce747d3e78ea77e75be950b2af2701456b3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.