Malicious PDF — malware analysis report

Static analysis result for SHA-256 de90c81a688fb90d…

MALICIOUS

PDF

Size: 34.5 KB
Created: 2019-12-14 04:37:30 +03:00
Authoring application: PFU ScanSnap Manager 4.2.14 (via Adobe PDF Scan Library 2.3)
MD5: 18bf22781863393e31ab2bf85234d23a
SHA-1: b9a83dfb079839d953d8e9b375aa6fad8395592c
SHA-256: de90c81a688fb90dd6ed319598c0e0a5dfcfc6a0514871adf0fe0d6546746f6b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external links, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the PDF as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO poisoning or redirecting users to malicious sites. The document body is heavily obfuscated and does not provide further clues.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8531

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.