Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0876a80ef7e81a3…

Verdict: MALICIOUS
File type: PDF
Size: 34.9 KB
Created: 2020-01-17 19:20:03 +03:00
Authoring application: soft Xpansion Perfect PDF 5 Premium (via PDF Xpansion 5.7.8)
MD5: 3bed4226216f2541f9c6e4ef1d4d1d33
SHA-1: adbf2c55474a63844a28b854018ebcffea1f3c15
SHA-256: f0876a80ef7e81a3ef80c19638574e604231d8a3e43a1d12fc7d43bc481f3e59
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document is designed to drive traffic to a website hosting numerous files, potentially for SEO manipulation or as a distribution point for other malicious content. The ML classifier also flagged the PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.