Malicious PDF — malware analysis report

Static analysis result for SHA-256 e9e3c7d3dfe0fb21…

MALICIOUS

PDF

Size: 47.2 KB
Created: 2019-04-04 09:44:13 +03:00
Authoring application: - (via Haru Free PDF Library 2.1.0)
MD5: 05ba5df8c84cedaf0231c19c6c11fd27
SHA-1: cdf0fd5172c7ce3e29f02e713ede8fb28ec4ea32
SHA-256: e9e3c7d3dfe0fb213c268aee1987d4a6edc78f37d492795c75090f3180be80cd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The document body is heavily obfuscated and does not provide clear textual content for analysis. The primary attack pattern appears to be a link farm designed to direct users to numerous external resources, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.