Malicious PDF — malware analysis report

Static analysis result for SHA-256 2449393c9463f6de…

MALICIOUS

PDF

Size: 40.3 KB
Created: 2018-11-26 20:08:08 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 9bcb2b3b5550698acdb1f5fd306c13fe
SHA-1: f82ab1ccd36a1ac7e8a3b231dc123b76bf2b6647
SHA-256: 2449393c9463f6de5e37fd6835c73987e8073ad8d77ce0551dd940d6d19e61df
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. These links point to various PDF documents hosted on the same domain, suggesting a link farm or a method to distribute potentially malicious content disguised as legitimate documents. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing lure.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9181)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.