Malicious PDF — malware analysis report

Static analysis result for SHA-256 0feace8812789d24…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2019-02-14 08:12:53 +03:00
Authoring application: pdftk 1.44 - www.pdftk.com (via itext-paulo-155 (itextpdf.sf.net-lowagie.com))
MD5: bb0e43c23c02fe51faff4cd825e0ab74
SHA-1: d12cf5b3e42a0c183a6823023a2d72123820dc2f
SHA-256: 0feace8812789d24d566116ffc5460ed600782168ecd7d34a7a4c080be2fb954
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The embedded URLs are likely used to manipulate search engine rankings or to distribute additional malicious content, making the primary attack pattern a form of phishing or SEO abuse.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.