Malicious PDF — malware analysis report

Static analysis result for SHA-256 185fa538d54de45c…

Verdict: MALICIOUS
File type: PDF
Size: 43.4 KB    Created: 2018-12-28 09:13:33 +03:00    Authoring application: FPDF 1.53
MD5:     029401b8cd10fab5b025d5a541307d72
SHA-1:   95636ad986e899de5f72988f97312fb24fac6a46
SHA-256: 185fa538d54de45c710bbde3b3071b93b0a347fd7898caf7eff44050a45c196e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, almost all of them clickable links to other PDF files on a single domain (www.gorillawalker.com), which is what the PDF_SEO_LINK_FARM heuristic flags. This pattern is typical of generated SEO/link-farm carriers used to manipulate search engine results or to push a large volume of content, potentially malicious, at users who follow the links. No scripts were extracted, and the document body was heavily obfuscated, which limited further analysis of intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the channel through which each URL was reached (macro, JS, link annotation, document body, ...) is what matters. Of the 49 URLs below, the first 40 point at .pdf paths on www.gorillawalker.com; the last nine are standard XMP/RDF/PDF-A namespace identifiers from the document's metadata stream and are not clickable links.
    • http://www.gorillawalker.com/ginger-a-brown-tropical-root-native-to-southeast-asia-ginger.pdf
    • http://www.gorillawalker.com/a-coastal-companion-a-gulf-of-maine-almanac-from-canada.pdf
    • http://www.gorillawalker.com/immunology-pathogenesis-of-trypanosomiasis.pdf
    • http://www.gorillawalker.com/release-point.pdf
    • http://www.gorillawalker.com/how-can-a-good-god-let-bad-things-happen.pdf
    • http://www.gorillawalker.com/en-las-sombras-de-estados-unidos-narraciones-de-inmigrantes-indocumentados.pdf
    • http://www.gorillawalker.com/gaunt-s-ghosts-the-saint.pdf
    • http://www.gorillawalker.com/radio-frequency-and-elf-electromagnetic-energies-a-handbook-for-health.pdf
    • http://www.gorillawalker.com/consciousness-and-the-aquisition-of-language-studies-in-phenomenology-and.pdf
    • http://www.gorillawalker.com/the-world-is-made-of-stories.pdf
    • http://www.gorillawalker.com/guitar-chords-for-beginners-a-beginners-guitar-chord-book-with.pdf
    • http://www.gorillawalker.com/the-assimilation-of-biology-logic-and-set-theory.pdf
    • http://www.gorillawalker.com/the-suspicions-of-mr-whicher-or-the-murder-at-road.pdf
    • http://www.gorillawalker.com/the-italian-cooking-course-more-than-400-authentic-recipes-and.pdf
    • http://www.gorillawalker.com/workouts-and-turnarounds-ii-global-restructuring-strategies-for-the-next.pdf
    • http://www.gorillawalker.com/limericks-lessons-and-life-in-handbells.pdf
    • http://www.gorillawalker.com/circular-v-108.pdf
    • http://www.gorillawalker.com/official-high-school-musical-2010-calendar.pdf
    • http://www.gorillawalker.com/ready-for-marriage-ready-for-marriage-harlequin-comics.pdf
    • http://www.gorillawalker.com/i-love-you-little-bear-die-cut-animal-board.pdf
    • http://www.gorillawalker.com/osiel-vida-y-tragedia-de-un-capo-spanish-edition-kindle.pdf
    • http://www.gorillawalker.com/the-life-times-of-nero-biography-from-ancient-civilizations-biography.pdf
    • http://www.gorillawalker.com/mass-no-9-sancti-bernardi-in-b-flat-major-heiligmesse.pdf
    • http://www.gorillawalker.com/encounters-with-enlightenment-stories-from-the-life-of-the-buddha.pdf
    • http://www.gorillawalker.com/relative-values-reconfiguring-kinship-studies.pdf
    • http://www.gorillawalker.com/vocabulary-builder-course-6-student-edition.pdf
    • http://www.gorillawalker.com/white-butterfly.pdf
    • http://www.gorillawalker.com/go-tell-aunt-rhody.pdf
    • http://www.gorillawalker.com/german-how-to-speak-and-write-it-dover-dual-language.pdf
    • http://www.gorillawalker.com/the-quadrilog-tradition-and-the-future-of-ecumenism-essays-in.pdf
    • http://www.gorillawalker.com/the-aesthetics-of-anarchy-art-and-ideology-in-the-early.pdf
    • http://www.gorillawalker.com/zoom-from-atoms-and-galaxies-to-blizzards-and-bees-how.pdf
    • http://www.gorillawalker.com/mail-order-bride-comforting-the-cowboy-a-clean-western-historical.pdf
    • http://www.gorillawalker.com/fashion-promotion-in-practice-required-reading-range.pdf
    • http://www.gorillawalker.com/heavenly-temptation-amish-romance-kindle-edition.pdf
    • http://www.gorillawalker.com/anne-geddes.pdf
    • http://www.gorillawalker.com/a-girl-of-two-worlds-flamingo-fiction-9-13s.pdf
    • http://www.gorillawalker.com/equations-aux-derivees-partielles-et-applications-partial-differential-equations-and.pdf
    • http://www.gorillawalker.com/neon-genesis-evangelion-the-shinji-ikari-raising-project-volume-10.pdf
    • http://www.gorillawalker.com/handbook-of-power-plant-chemistry.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
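The following is an added example, not the analyser's own code, showing the shape of the PDF_SEO_LINK_FARM heuristic described in the Malware Insights and Heuristics sections: extract only the URLs reachable through /URI link annotations (the clickable channel), then flag a small file whose links are numerous, clustered on one host, and mostly point at other .pdf files. The size and count thresholds, the hypothetical host farm.example, and the constructed sample PDF are all my assumptions; the real analyser's thresholds are not stated on the page. The sample is written uncompressed so a regex can read it; real PDFs normally Flate-compress their objects, so a production implementation must inflate streams (or use a real PDF parser) before matching.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# A URI action inside a Link annotation looks like: /A << /S /URI /URI (http://...) >>
# Matching "/URI (" rather than any http:// string ignores URLs that only appear
# in metadata, such as the XMP namespace identifiers listed in the report.
# (Caveat: does not handle hex strings or escaped parentheses in the literal.)
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Naive scrape of every URL-looking byte run, for comparison with the above.
ANY_URL_RE = re.compile(rb"https?://[^\s<>\"'()]+")


def build_sample_pdf(urls):
    """Construct a minimal, uncompressed PDF with one Link annotation per URL
    and an XMP metadata stream. Constructed for this example only."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
           b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"'
           b' xmlns:dc="http://purl.org/dc/elements/1.1/"'
           b' xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/></x:xmpmeta>')
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        None,  # page object, filled in once annotation object numbers are known
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n%s\nendstream"
        % (len(xmp), xmp),
    ]
    annot_refs = []
    for i, url in enumerate(urls):
        num = len(objs) + 1  # object numbers are 1-based
        annot_refs.append(b"%d 0 R" % num)
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 %d 200 %d] "
                    b"/A << /S /URI /URI (%s) >> >>"
                    % (10 * i, 10 * i + 10, url.encode()))
    objs[2] = (b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 600 800] /Annots ["
               + b" ".join(annot_refs) + b"] >>")
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (n + 1, o) for n, o in enumerate(objs))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def extract_link_urls(pdf_bytes):
    """URLs reachable from URI link annotations, i.e. what a user can click."""
    return [m.decode("latin-1") for m in URI_ACTION_RE.findall(pdf_bytes)]


def assess_link_farm(pdf_bytes, max_size=100 * 1024, min_links=20, ratio=0.8):
    """Return (flagged, details). Assumed thresholds: file at most max_size
    bytes, at least min_links clickable links, and at least `ratio` of them
    both on the single most common host and pointing at a .pdf path."""
    urls = extract_link_urls(pdf_bytes)
    n = len(urls)
    hosts = Counter(urlparse(u).netloc.lower() for u in urls)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    pdf_targets = sum(1 for u in urls if urlparse(u).path.lower().endswith(".pdf"))
    flagged = (len(pdf_bytes) <= max_size and n >= min_links
               and top_count >= ratio * n and pdf_targets >= ratio * n)
    details = {"size": len(pdf_bytes), "links": n, "top_host": top_host,
               "top_host_links": top_count, "pdf_targets": pdf_targets}
    return flagged, details


# Constructed sample: 40 links to .pdf paths on one hypothetical host.
SAMPLE_URLS = ["http://farm.example/title-%02d.pdf" % i for i in range(40)]
SAMPLE_PDF = build_sample_pdf(SAMPLE_URLS)

if __name__ == "__main__":
    flagged, details = assess_link_farm(SAMPLE_PDF)
    print("PDF_SEO_LINK_FARM" if flagged else "no link-farm pattern", details)
    # Raw scraping also returns the XMP namespace URIs, which are not links.
    extra = set(ANY_URL_RE.findall(SAMPLE_PDF)) - {u.encode() for u in SAMPLE_URLS}
    print("URLs present but not clickable:", sorted(extra))
```

The point of separating extract_link_urls from the raw scrape is the one the report's EMBEDDED_URL note makes: a URL string in the file is not itself a finding, the channel is. Namespace URIs such as http://www.w3.org/1999/02/22-rdf-syntax-ns# appear in almost every PDF with XMP metadata and must not inflate the link count.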