Malicious PDF — malware analysis report

Static analysis result for SHA-256 e0f63772281e962f…

MALICIOUS

PDF

Size: 34.0 KB
Created: 2020-01-10 17:21:43 +03:00
Authoring application: Adobe InDesign CC 2014 (Windows) (via Adobe PDF Library 11.0)
MD5: 74b98856e6ceb7a8186285e9130d2590
SHA-1: 48d5864c4b465a844a6a5e7295df7385785a6987
SHA-256: e0f63772281e962f718492d0008b840c56d29db9342beddb2c9438121ecb1871
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded external URLs, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document's primary purpose is to act as a link farm, potentially for SEO manipulation or to redirect users to malicious sites. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.