Malicious PDF — malware analysis report

Static analysis result for SHA-256 0665d2db16e06bd4…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-11-26 20:07:11 +03:00
Authoring application: Acrobat PDFMaker 9.0 for Word (via Acrobat Distiller 9.0.0 (Windows))
MD5: 0b006c2e0541e2988d08c00e99203904
SHA-1: ce32ea1d72be37f6aa72c035aaa959c1d6a50170
SHA-256: 0665d2db16e06bd42c260d417b48617706c79dcbf76bad12f41b9e9095832770
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, suggesting the document's primary purpose is to host these links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.