Malicious PDF — malware analysis report

Static analysis result for SHA-256 fb32980c36893c3e…

MALICIOUS

PDF

Size: 32.9 KB
Created: 2019-12-13 07:52:13 +03:00
Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: 1e4a392665ea2baadf07165c570a6893
SHA-1: 07c42b4000bfef513acd13b5915fc722461bfe39
SHA-256: fb32980c36893c3e69384cdb9a61dc66efba808f758d456e10b09c89c4ec7956
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly SEO spam or redirection of users to malicious content hosted on those external sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.