Malicious PDF — malware analysis report

Static analysis result for SHA-256 f75d4cf2032d8b2e…

Verdict: MALICIOUS

File type: PDF

Size: 33.3 KB
Created: 2019-12-13 05:21:29 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via 3-Heights(TM) PDF Optimization Shell 4.6.23.0 (http://www.pdf-tools.com))
MD5: ce093320a67b2e1f6daea613a305de7e
SHA-1: be7d68979a86362cfaf8e5a96f564f5d84a9b9a4
SHA-256: f75d4cf2032d8b2ecc8fb5d26f4de7a95eeb8be340b8ea345810124682aaf6b8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on this PDF for a large number of external PDF links, suggesting a link farm or distribution mechanism. The ML classifier also flagged the document as malicious. The embedded URLs point to a single domain, indicating a coordinated effort to host or link to numerous PDF files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.