Malicious PDF — malware analysis report

Static analysis result for SHA-256 e3e03d92893035d2…

MALICIOUS

PDF

  • Size: 46.2 KB
  • Created: 2018-12-15 08:10:53 +03:00
  • Authoring application: ABBYY FineReader (via -)
  • MD5: 66b1f0d29abede3eaf72378365195a02
  • SHA-1: a83451f724bd64add2c7e28c52b777467968805c
  • SHA-256: e3e03d92893035d273a6a314ba86fcdcd8c5287f0c18982c14c5d89b17acdf20
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation, phishing, or distribution of further malware. The document body was unreadable, preventing a more specific assessment of the lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.