Malicious PDF — malware analysis report

Static analysis result for SHA-256 fcad037884a4980d…

MALICIOUS

PDF

34.9 KB
Created: 2020-01-10 17:21:47 +03:00
Authoring application: doPDF Ver 7.3 Build 391 (Windows 7 Home Premium Edition (SP 1) - Version: 6.1.7601 (x64))
MD5: dbf5414198aa1e2be41130050d66d5d0
SHA-1: 435d53ef4a751d22aa2f3a9ec19141f30df1f94d
SHA-256: fcad037884a4980d47ba0d7b8bdf0d0c3b916a424715f331e9c95e206edf4fa4
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external documents, a technique often used for SEO manipulation or to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies this behavior, indicating a likely attempt to drive traffic or host malicious files. No scripts were extracted from this sample, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.