Malicious PDF — malware analysis report

Static analysis result for SHA-256 0b9546f4ea657174…

MALICIOUS

PDF

45.1 KB Created: 2018-12-14 20:07:21 +03:00 Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 6016d1aa1979adbc4c34f59b4e3904da SHA-1: fdbdd16c9229cde3cd0c92ae8484ef1ac7132902 SHA-256: 0b9546f4ea657174c20342bb9733886736547875139c578c5c179e2b8fd1c806
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. While no scripts were explicitly extracted, the ML_NYX_PDF_MALICIOUS heuristic suggests malicious intent. The embedded URLs are likely intended to either manipulate search engine rankings or serve as a distribution point for further malicious content, making spearphishing attachment a probable initial access vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9407

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/guardian-angel-crown-s-spies.pdf
    • http://www.gorillawalker.com/eu-immigration-and-asylum-law-commentary-on-eu-regulations-and.pdf
    • http://www.gorillawalker.com/rock-chick-rescue-volume-2.pdf
    • http://www.gorillawalker.com/by-kasia-roberts-rn-the-superfood-smoothie-recipe-book-super.pdf
    • http://www.gorillawalker.com/the-lost-spy-an-american-in-stalin-s-service.pdf
    • http://www.gorillawalker.com/learn-french-101-basic-dialogues-with-whispersync-enhanced-audio-unabridged.pdf
    • http://www.gorillawalker.com/real-time-statistical-process-control.pdf
    • http://www.gorillawalker.com/ariadne-florentina-six-lectures-on-wood-and-metal-engraving-art.pdf
    • http://www.gorillawalker.com/nrsv-reference-bible-with-apocrypha.pdf
    • http://www.gorillawalker.com/old-electrical-wiring-evaluating-repairing-and-upgrading-dated-systems-evaluating.pdf
    • http://www.gorillawalker.com/depression-recipes-1930s-good-food-for-hard-times.pdf
    • http://www.gorillawalker.com/flight-maps-adventures-with-nature-in-modern-america.pdf
    • http://www.gorillawalker.com/mystery-of-the-phantom-gold-american-adventures-book-7.pdf
    • http://www.gorillawalker.com/they-called-her-reckless-a-true-story-of-war-love.pdf
    • http://www.gorillawalker.com/it-might-as-well-be-spring-sheet-music-with-photograph.pdf
    • http://www.gorillawalker.com/charles-garnier-s-paris-opera-architectural-empathy-and-the-renaissance.pdf
    • http://www.gorillawalker.com/quimica-conceptos-y-aplicaciones-chemistry-concepts-and-applications-spanish-edition.pdf
    • http://www.gorillawalker.com/kentucky-real-estate-sales-contracts-with-forms.pdf
    • http://www.gorillawalker.com/canadian-environmental-policy-and-politics-prospects-for-leadership-and-innovation.pdf
    • http://www.gorillawalker.com/principles-of-biostatistics-with-cd.pdf
    • http://www.gorillawalker.com/wilder-west-new-adult-mmf-and-ffm-m-nage-erotic.pdf
    • http://www.gorillawalker.com/you-can-think-like-a-psychiatrist-understanding-psychiatric-medicines.pdf
    • http://www.gorillawalker.com/a-fence-away-from-freedom.pdf
    • http://www.gorillawalker.com/labcraft-how-social-labs-cultivate-change-through-innovation-and-collaboration.pdf
    • http://www.gorillawalker.com/the-calvarymen-eyes-of-gold-the-calvarymen-eyes-of-gold.pdf
    • http://www.gorillawalker.com/semiology-of-graphics-diagrams-networks-maps.pdf
    • http://www.gorillawalker.com/the-shadow-club-the-greatest-mystery-in-the-universe-shadows.pdf
    • http://www.gorillawalker.com/euthanasia-what-to-expect-and-what-questions-to-ask-first.pdf
    • http://www.gorillawalker.com/alfred-00-el03131-trumpet-solos.pdf
    • http://www.gorillawalker.com/the-trumpet-collection-compositions-and-transcriptions-of-bernard-fitzgerald-trumpet.pdf
    • http://www.gorillawalker.com/invasive-plants-guide-to-identification-and-the-impacts-and-control.pdf
    • http://www.gorillawalker.com/edinburgh-and-lothians-exploring-the-lost-railways.pdf
    • http://www.gorillawalker.com/how-to-speak-arabic-in-jordan-easy-arabic-phrasebook-with.pdf
    • http://www.gorillawalker.com/discoverers-of-the-lost-world-an-account-of-some-of.pdf
    • http://www.gorillawalker.com/the-answers-book-the-20-most-asked-questions-about-creation.pdf
    • http://www.gorillawalker.com/crafts-in-therapy-and-rehabilitation-2nd-edition.pdf
    • http://www.gorillawalker.com/les-dessous-de-l-expedition-de-norvege-1940-l-episode.pdf
    • http://www.gorillawalker.com/italian-baking-secrets.pdf
    • http://www.gorillawalker.com/castle-adamant.pdf
    • http://www.gorillawalker.com/digital-black-white-photography-expanded-guides-techniques.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.