Malicious PDF — malware analysis report

Static analysis result for SHA-256 132ba3bb634c63bf…

MALICIOUS

PDF

Size: 46.4 KB
Created: 2018-11-26 20:06:53 +03:00
Authoring application: DVIPSONE 2.2.4 http://www.YandY.com (via Acrobat Distiller 7.0.5 (Windows))
MD5: 9245c3d17f02b050aad4bd4d79d71d39
SHA-1: 2ad77818a91f6612d57c37d12116d8b1f8d740fc
SHA-256: 132ba3bb634c63bf006ed457b61afb209b5504c79460f110daa3f0583014771b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to a website that appears to host a collection of documents, suggesting a potential SEO manipulation scheme or a distribution point for further malicious content. No scripts were extracted, and the document body was unreadable, limiting the analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8309

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.