Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa76ca99aa1218e6…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2019-11-10 05:17:52 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: f7817e1267464f319704c311c5a7e38c
SHA-1: 9c5fd93163cb5ce697928f759ea98f5c6f4b6ea6
SHA-256: fa76ca99aa1218e683731f0e05963b83b7681993d9cc1dc78720bbf77c4a5e97
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation or hosting of further malicious content. The primary IOCs are the numerous URLs embedded within the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.