Malicious PDF — malware analysis report

Static analysis result for SHA-256 ff6dd5edd80f9399…

MALICIOUS

PDF

Size: 35.7 KB
Created: 2020-03-13 01:09:51 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 4cf3da374ee3abfbfdaae6ec4a1e43f3
SHA-1: a5e1243cf8f61f6f177c7eddd7c6940c60278c54
SHA-256: ff6dd5edd80f9399969bb6f049821202bfa8688e25bd55c9cb30f3e2c79c9f58
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of external links and was identified as a link farm. This heuristic suggests that the document's primary purpose is to redirect users to many other PDF files hosted on the same domain. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8021

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JavaScript, link annotation, document body, etc.) reached each URL.
    URLs:
    • http://www.gorillawalker.com/predestined-to-believe-common-objections-to-the-reformed-faith-answered.pdf
    • http://www.gorillawalker.com/plastic-and-reconstructive-surgery-of-the-eye-and-adnexa.pdf
    • http://www.gorillawalker.com/baja-california-sur-historia-breve-historias-breves-spanish-edition.pdf
    • http://www.gorillawalker.com/u-s-coast-guard-cutters-military-vehicles.pdf
    • http://www.gorillawalker.com/fairy-tale-pieces-op-113-kalmus-edition.pdf
    • http://www.gorillawalker.com/when-to-exchange-in-chess.pdf
    • http://www.gorillawalker.com/espresso-coffee-second-edition-the-science-of-quality.pdf
    • http://www.gorillawalker.com/bethany-the-ballet-fairy-dance-fairies-series-1-by-daisy.pdf
    • http://www.gorillawalker.com/handbook-of-plant-based-biofuels.pdf
    • http://www.gorillawalker.com/die-steuerabgrenzung-im-handelsrechtlichen-jahresabschlu-ein-beitrag-zu-der-systematischen.pdf
    • http://www.gorillawalker.com/new-faces-of-the-fur-trade-selected-papers-of-the.pdf
    • http://www.gorillawalker.com/pop-goes-the-weasel-detective-inspector-helen-grace.pdf
    • http://www.gorillawalker.com/icelandic-bird-guide-appearance-way-of-life-habitat.pdf
    • http://www.gorillawalker.com/zola-and-the-victorians-fit-for-swine.pdf
    • http://www.gorillawalker.com/the-living-goddesses.pdf
    • http://www.gorillawalker.com/the-rough-guide-to-tuscany-umbria-5-rough-guide-travel.pdf
    • http://www.gorillawalker.com/a-first-course-in-coding-theory-oxford-applied-mathematics-and.pdf
    • http://www.gorillawalker.com/gospel-figures-in-art-guide-to-imagery-paperback-common-paperback.pdf
    • http://www.gorillawalker.com/israel-countries-of-the-world.pdf
    • http://www.gorillawalker.com/the-legacy-of-fairbairn-and-sutherland-psychotherapeutic-applications.pdf
    • http://www.gorillawalker.com/captured-on-film.pdf
    • http://www.gorillawalker.com/the-papers-of-francis-bernard-governor-of-colonial-massachusetts-1760.pdf
    • http://www.gorillawalker.com/the-watchdog-new-zealand-s-audit-office-1840-to-2008.pdf
    • http://www.gorillawalker.com/base-66-a-story-of-fear-fun-and-freefall.pdf
    • http://www.gorillawalker.com/tim-burton-an-unauthorized-biography-of-the-filmmaker.pdf
    • http://www.gorillawalker.com/curating-sochi-city-notebook-for-sochi-russia-a-d-i.pdf
    • http://www.gorillawalker.com/grimm-fairy-tales-presents-helsing.pdf
    • http://www.gorillawalker.com/psychology-themes-and-variations-9th-edition.pdf
    • http://www.gorillawalker.com/johann-fischart-s-geschichtklitterung-a-study-of-the-narrator-and.pdf
    • http://www.gorillawalker.com/big-bear-ball.pdf
    • http://www.gorillawalker.com/unearthing-business-requirements-elicitation-tools-and-techniques-business-analysis-essential.pdf
    • http://www.gorillawalker.com/digital-nature-photography-closeup.pdf
    • http://www.gorillawalker.com/aan-den-hoogleeraar-siegenbeek-over-de-vocaalverdubbeling-in-het-nederduitsch.pdf
    • http://www.gorillawalker.com/awake-josh-groban.pdf
    • http://www.gorillawalker.com/makeup-skin-care-10-year-old-magic-reset-beauty-negative.pdf
    • http://www.gorillawalker.com/reading-the-web-strategies-for-internet-inquiry-solving-problems-in.pdf
    • http://www.gorillawalker.com/local-function-spaces-heat-and-navier-stokes-equations-ems-tracts.pdf
    • http://www.gorillawalker.com/city-a-guidebook-for-the-urban-age.pdf
    • http://www.gorillawalker.com/management-accounting-for-the-sugar-cane-industry-sugar-series.pdf
    • http://www.gorillawalker.com/sensors-update-vol-5.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/