Malicious PDF — malware analysis report

Static analysis result for SHA-256 02fa9979d727ff06…

MALICIOUS

PDF

Size: 39.5 KB
Created: 2018-12-28 08:09:16 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
MD5: 7e6c2355cdc8b7721b55b22478845e7d
SHA-1: f79f305748d98732bff0f3807a92f1809ae88d5c
SHA-256: 02fa9979d727ff060321642cedde3145c7f6373215382220599e2dfcbe250ffe
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on this PDF for a large number of external links, suggesting a link farm or SEO manipulation tactic. While no scripts were explicitly extracted, the presence of embedded URLs and the ML classifier's high confidence indicate malicious intent. The document body is heavily obfuscated, preventing a clear understanding of its direct lure, but the overall structure points to a malicious PDF designed to redirect users to numerous external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.