Malicious PDF — malware analysis report

Static analysis result for SHA-256 1740babc98abcc28…

MALICIOUS

PDF

Size: 45.7 KB
Created: 2018-12-14 10:23:45 +03:00
Authoring application: Adobe Acrobat 7.05 (via Adobe Acrobat 7.05 Paper Capture Plug-in)
MD5: f1c0bc58e9180ba33d22774c2ad8ad41
SHA-1: 9103a942f5bbbd73303c8cdde7fadba657c173b4
SHA-256: 1740babc98abcc2849b4e2043ee72b0e572f7c5481de81fa91a18294542229a7
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a significant number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to artificially inflate search engine rankings or to serve as a lure for users to click on potentially malicious links. The ML classifier also flagged the document as malicious, supporting this assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.