Malicious PDF — malware analysis report

Static analysis result for SHA-256 0dcdecde9123fba8…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2018-12-02 20:09:53 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Adobe PDF Library 9.0)
MD5: 71f900016edae53c65bd35bbf501c605
SHA-1: 6fa8b7433f94594334f96217db2e01fab94a2019
SHA-256: 0dcdecde9123fba8cb67c2d2037b9d6841cd539917db4be7425ed2deebe6ed44
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute content. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the sheer volume of links suggests an intent to drive traffic or potentially to host malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.