Malicious PDF — malware analysis report

Static analysis result for SHA-256 1a37eae3304f8851…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2019-03-17 04:52:21 +03:00
Authoring application: Acrobat PDFMaker 10.1 for Word (via Adobe PDF Library 10.0)
MD5: 2c7be5faedaaabefc3db6d92857485c6
SHA-1: c140de8dbd5d4e6ec178c28f13232cd5ad4ac27d
SHA-256: 1a37eae3304f88515dcfcc161e595b86fed76af5b294b56f6af642401c93f222
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to PDF files on the same domain, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8439)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.