Malicious PDF — malware analysis report

Static analysis result for SHA-256 de4446c34ed4662f…

MALICIOUS

PDF

Size: 31.8 KB
Created: 2019-12-09 22:22:12 +03:00
Authoring application: QuarkXPress(tm) 6.1
MD5: 33a45fc97e2ef6f3496ac4f8ba0a1913
SHA-1: 1cb5a14b33b3faf4780ec9e467f17e3b453e418f
SHA-256: de4446c34ed4662f3440caa3d3134bb78588a22d8ff9dab7d7aefb8939a39f7b
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, suggesting a link farm or SEO poisoning attempt. The primary heuristic indicates a mass external PDF link farm, with 32 links pointing to various topics. The document body appears to be heavily obfuscated or corrupted, preventing a clear understanding of its direct intent beyond hosting these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.