Malicious PDF — malware analysis report

Static analysis result for SHA-256 0b7b4b9c28e10009…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-12-03 17:10:57 +03:00
Authoring application: Acrobat PDFMaker 9.1 for Word (via Adobe PDF Library 9.0)
MD5: e68be0b647586eeccde6cddd01a6f4e5
SHA-1: caf1feebaea1a1722e1ffc4985b5ea64a7e5794d
SHA-256: 0b7b4b9c28e100096137b2bf9288d29cd7d56212ee8807ea0add7322a754e13e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document's primary purpose is to redirect users to a link farm, potentially for SEO manipulation or to serve as a distribution point for other malicious content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.