Malicious PDF — malware analysis report

Static analysis result for SHA-256 0bff1ad2ac987530…

MALICIOUS

PDF

Size: 34.3 KB
Created: 2019-05-24 01:14:14 +03:00
Authoring application: Adobe InDesign CS4 (6.0) (via Adobe PDF Library 9.0)
MD5: 076a1c0959ee1e082fbab67604c85dad
SHA-1: ea762636133b805a1202aaa2eae2079d33944fd4
SHA-256: 0bff1ad2ac987530282be8618b3ecb5497ec051363e23ccdacffbd35a682ec39
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A link-farm heuristic fired on this PDF, indicating it hosts numerous external links to other PDF files. The embedded URLs all point to the same domain, suggesting a coordinated effort to manipulate search engine results or distribute content. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8531

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.