Malicious PDF — malware analysis report

Static analysis result for SHA-256 fad3d929952516d0…

MALICIOUS

PDF

Size: 30.2 KB
Created: 2019-12-13 20:48:29 +03:00
Authoring application: Adobe InDesign CC 2014 (Windows) (via Adobe PDF Library 11.0)
MD5: ce59d760d09edf03b76296aa6cb3d86a
SHA-1: 19f046bece5ae086c495fd700cfe1eb55ded6669
SHA-256: fad3d929952516d0320d9b8166b9cf429ad4c6d9b4cb90f00a3e465e51e3bf8c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the PDF as malicious. The document body is heavily obfuscated and gives the reader no clear instructions, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8800

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.