Malicious PDF — malware analysis report

Static analysis result for SHA-256 228e665abe7ce0ab…

MALICIOUS

PDF

  • Size: 35.1 KB
  • Created: 2019-12-09 22:00:59 +03:00
  • Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.0.0 (Windows))
  • MD5: 84a934661fe5a86ab3b826c921504d5a
  • SHA-1: 87f782ed4d317449eb540b949abe557f9d8d31dc
  • SHA-256: 228e665abe7ce0ab9e30bbebdd497548b53cc6e8df307593962ed2290bf121bb
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or a method to distribute traffic to numerous other documents. No scripts were extracted from this sample. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8018

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.