Malicious PDF — malware analysis report

Static analysis result for SHA-256 f277ac4f93e6ace2…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-12-07 18:29:52 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: 646247d1c501624c07293ded9e2575d3
SHA-1: d3912547a0b27c61d1c9b4a63ffa37ad08e1a499
SHA-256: f277ac4f93e6ace223f62ece75137fbf61386f3bb93f88ff44cf5666de3aeb62
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, flagged by the PDF_SEO_LINK_FARM heuristic. The document body is heavily obfuscated and unreadable, and the numerous links to external PDF files suggest malicious intent, possibly SEO manipulation or redirection of users to further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.