Malicious PDF — malware analysis report

Static analysis result for SHA-256 088f48ff21f75c85…

MALICIOUS

PDF

File size: 42.8 KB
Created: 2018-12-14 20:03:53 +03:00
Authoring application: FineReader (via -)
MD5: 46faf84927f318712f71274bdee8a90b
SHA-1: 72d7817c727539a808a0fe803897092d69d32a4d
SHA-256: 088f48ff21f75c85f5c2a42220ab18b6f96d96d7aa8701bb0f48f546bdce1ec1
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as detected by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be SEO manipulation or distributing a large number of links, rather than direct user interaction, hence the 'unknown family' classification.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.