Malicious PDF — malware analysis report

Static analysis result for SHA-256 04186a6f82bd5bf0…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-12-15 20:01:58 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: bc3ece15c6673e001aba3b6f6d8b0573
SHA-1: bdbd76ae5156b63fc8a8eed58b23a9631a73a955
SHA-256: 04186a6f82bd5bf0394ea43c7a2660b483251a50072ea7c35d07bee193cb5c13
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be SEO manipulation or distributing a large volume of links, rather than direct user interaction within the document itself.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.