Malicious PDF — malware analysis report

Static analysis result for SHA-256 15f7235f6d055338…

Verdict: MALICIOUS
File type: PDF
Size: 45.8 KB
Created: 2018-12-15 20:00:32 +03:00
Authoring application: iBooks Author (via Mac OS X 10.9.3 Quartz PDFContext)
MD5: 715decb8e2c2a0f40e74553af083f260
SHA-1: 69710543bea2732b44630421db59a194fef0f04f
SHA-256: 15f7235f6d0553380c7c43dfa58fcb103021ea214c63e6700a1d7e9866d191cf
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to a single domain, identified by the PDF_SEO_LINK_FARM heuristic. While no active script was extracted, the sheer volume of links suggests an attempt to manipulate search engine results or to serve as a distribution point for other malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/class-series-of-institutions-of-higher-learning-quality-teaching-materials.pdf
    • http://www.gorillawalker.com/devil-s-own-the.pdf
    • http://www.gorillawalker.com/the-invention-of-the-palestinians-27-theses-they-won-t.pdf
    • http://www.gorillawalker.com/my-liege-of-dark-haven.pdf
    • http://www.gorillawalker.com/the-world-of-thought-in-ancient-china.pdf
    • http://www.gorillawalker.com/the-encyclopedia-of-the-motorcycle.pdf
    • http://www.gorillawalker.com/the-complete-low-fodmap-diet-a-revolutionary-plan-for-managing.pdf
    • http://www.gorillawalker.com/ancient-greece-time-travel-books-korean-edition.pdf
    • http://www.gorillawalker.com/midnight-and-the-racehorse-the-black-pony-adventures-volume-2.pdf
    • http://www.gorillawalker.com/superfoods-today-smart-carbs-20-days-detox-160-recipes-to.pdf
    • http://www.gorillawalker.com/pioneering-michigan.pdf
    • http://www.gorillawalker.com/phytochemicals-in-human-health-protection-nutrition-and-plant-defense-recent.pdf
    • http://www.gorillawalker.com/fantastic-four-foes-fantastic-four-marvel-paperback.pdf
    • http://www.gorillawalker.com/best-mobile-apps-to-increase-productivity-and-save-money-and.pdf
    • http://www.gorillawalker.com/wild-2016-wall-calendar-untamed-animals-untouched-landscapes.pdf
    • http://www.gorillawalker.com/search-how-the-data-explosion-makes-us-smarter-greenhouse-collection.pdf
    • http://www.gorillawalker.com/lost-and-found-cedar-river-daydreams-15.pdf
    • http://www.gorillawalker.com/fenton-art-glass-beasts-birds-butterflies.pdf
    • http://www.gorillawalker.com/hermit-crabs-of-the-northeastern-atlantic-ocean-and-mediterranean-sea.pdf
    • http://www.gorillawalker.com/high-performance-sailing-faster-racing-techniques.pdf
    • http://www.gorillawalker.com/island-societies-archaeological-approaches-to-evolution-and-transformation-new-directions.pdf
    • http://www.gorillawalker.com/gerald-r-ford-the-american-presidents-series-the-38th-president.pdf
    • http://www.gorillawalker.com/buddhist-tantras.pdf
    • http://www.gorillawalker.com/keith-haring-journals-penguin-classics-deluxe-edition.pdf
    • http://www.gorillawalker.com/alive-in-hard-country-poems.pdf
    • http://www.gorillawalker.com/greenspan-the-man-behind-money.pdf
    • http://www.gorillawalker.com/the-100-best-stocks-you-can-buy-2007-10th-anniversary.pdf
    • http://www.gorillawalker.com/woodworker-s-guide-to-sharpening-all-you-need-to-know.pdf
    • http://www.gorillawalker.com/classical-analysis-on-normed-spaces.pdf
    • http://www.gorillawalker.com/steinberg-at-the-new-yorker.pdf
    • http://www.gorillawalker.com/the-business-analyst-as-strategist-translating-business-strategies-into-valuable.pdf
    • http://www.gorillawalker.com/prisons-and-visions-pierre-unik-s-journey-from-surrealism-into.pdf
    • http://www.gorillawalker.com/men-of-valour.pdf
    • http://www.gorillawalker.com/the-metaphysics-of-dante-s-comedy-american-academy-of-religion.pdf
    • http://www.gorillawalker.com/enrichment-math-grade-2-animaniacs-mcgraw-hill-learning-materials-spectrum.pdf
    • http://www.gorillawalker.com/scenes-for-mandarins.pdf
    • http://www.gorillawalker.com/longman-preparation-course-for-the-toefl-test-practice-tests-volume.pdf
    • http://www.gorillawalker.com/world-history-journey-across-time-active-reading-note-taking-guide.pdf
    • http://www.gorillawalker.com/histopathology-specimens-clinical-pathological-and-laboratory-aspects.pdf
    • http://www.gorillawalker.com/the-ninja-blender-recipe-book-100-smoothie-soup-recipes-for.pdf
    The remaining nine URLs are standard XMP/RDF schema namespace identifiers (RDF, Dublin Core, Adobe XMP, PDF/A) that appear in a PDF's XMP metadata packet; they are not clickable link targets and are not part of the link-farm cluster on the single host above.
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/