Malicious PDF — malware analysis report

Static analysis result for SHA-256 f6cfe3f08c17d033…

MALICIOUS

PDF

44.8 KB
Created: 2018-11-30 20:35:21 +03:00
Authoring application: mPDF 6.0
MD5: 16730e908e14df8bf3a8acb795bdf24f
SHA-1: 3fc4c82dd4d0ca01e442690ff07409de24f3e596
SHA-256: f6cfe3f08c17d033b81c19c3314463c510bc3dc8dc15a782745fc6e7a4fa89fc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external links, as detected by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a website hosting numerous PDF files, likely for SEO spam or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.