Malicious PDF — malware analysis report

Static analysis result for SHA-256 15e17910b29eb4ee…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2018-11-14 08:15:37 +03:00
Authoring application: FrameMaker 5.5.6p145 (via Acrobat Distiller 6.0 (Windows))
MD5: ef537408e41b5178e8587b314d493383
SHA-1: 28f35c25f3596ece68737a5a51c0612ce0b2d1e5
SHA-256: 15e17910b29eb4ee82e469304ce8fab2da09db8f206397ce56b73d260fed3441
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or content distribution tactic. While no scripts were extracted, the embedded URLs point to a domain that appears to host numerous PDF files, indicating a potential SEO or traffic generation scheme. The presence of many external links within a single PDF is a common tactic for phishing or distributing malicious content, hence the classification as Spearphishing Attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.