Malicious PDF — malware analysis report

Static analysis result for SHA-256 07ff765f4f2a5456…

MALICIOUS

PDF

Size: 46.1 KB
Created: 2018-11-30 20:31:47 +03:00
Authoring application: dvips 5.72 Copyright 1997 Radical Eye Software (www.radicaleye.com) (via Acrobat Distiller 5.0.5 (Windows))
MD5: 7df11ab6327a66f4f7a96580c200a91c
SHA-1: c0aa988808fb055f428b44ab9476ff71079bbe6e
SHA-256: 07ff765f4f2a5456460802a004b08792dbe36c16eef9912b5c14f34535f5a74a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. These links all point to the same domain, suggesting a coordinated effort to manipulate search engine results or distribute potentially malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of intent.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8396

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.