Malicious PDF — malware analysis report

Static analysis result for SHA-256 045ce5947ce13778…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-11-26 20:09:47 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 6.0.1 for Macintosh)
MD5: 35f56164e5244f750cf5148a8a9cbbad
SHA-1: 065352d1b25eb7dd58dbcdbe54fd7ea10a566d34
SHA-256: 045ce5947ce137789270937242ffb77ac0788227ff450bdf9e44634d23dd6a7d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs likely serve either as a lure that directs users to potentially malicious content or as SEO manipulation. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.