Malicious PDF — malware analysis report

Static analysis result for SHA-256 0a8fe4640b666b2e…

MALICIOUS

PDF

Size: 48.1 KB
Created: 2018-12-02 10:58:34 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: a34901b1c465c248a7ae4e279e50baa2
SHA-1: 9164039920eb437c985d424613154dab0c739ce1
SHA-256: 0a8fe4640b666b2e2448193c10438bff7ca01af470ae755f9bed955c089ed098
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly SEO manipulation, distribution of further malware, or phishing. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8527)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.