Malicious PDF — malware analysis report

Static analysis result for SHA-256 f8e3621ee7d82e18…

MALICIOUS

PDF

  • 43.8 KB
  • Created: 2019-03-19 10:51:26 +03:00
  • Authoring application: Acrobat PDFMaker 10.0 for Word (via Adobe PDF Library 10.0)
  • MD5: aaad0881853d0f08fd171dcc739ffcdc
  • SHA-1: bdc2678d948ddf2216e429de65db029070c1f80f
  • SHA-256: f8e3621ee7d82e182856db022d5725add324645679246130accfe702be53fdec

Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body contains numerous URLs, suggesting a link farm or SEO poisoning attempt to direct users to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.