Malicious PDF — malware analysis report

Static analysis result for SHA-256 2598dde8740c3e9a…

MALICIOUS

PDF

Size: 39.7 KB
Created: 2018-12-05 08:14:03 +03:00
Authoring application: - (via Acrobat PDFWriter 3.02 for Windows NT)
MD5: 1052ef1796705cb3d64eefa44ba36cc1
SHA-1: cf87104fabe46726d41208d7f09e192f6eeb849d
SHA-256: 2598dde8740c3e9a70374dd08f9553550c8e16dad27b8d7cb27c6871bd4b2087
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or a distribution point for malicious content. The ML classifier also strongly indicated maliciousness. Although no scripts were extracted, the sheer volume of embedded URLs points towards malicious intent, most likely luring users to external sites. The document body was heavily obfuscated and contained many of these URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-pirate-daughter-s-promise-pirates-faith-book-1-kindle.pdf
    • http://www.gorillawalker.com/daniel-calparsoro-spanish-and-latin-american-film-kindle-edition.pdf
    • http://www.gorillawalker.com/monster-high-diaries-frankie-stein-and-the-new-ghoul-at.pdf
    • http://www.gorillawalker.com/tolerance-heart-of-stone-book-2.pdf
    • http://www.gorillawalker.com/the-rich-don-t-always-win-the-forgotten-triumph-over.pdf
    • http://www.gorillawalker.com/agents-and-data-mining-interaction-10th-international-workshop-admi-2014.pdf
    • http://www.gorillawalker.com/o-jerusalem.pdf
    • http://www.gorillawalker.com/pharaohs-and-kings-a-biblical-quest.pdf
    • http://www.gorillawalker.com/empowering-moments-a-21-day-devotional.pdf
    • http://www.gorillawalker.com/kippy-koala.pdf
    • http://www.gorillawalker.com/topology-with-applications-topological-spaces-via-near-and-far.pdf
    • http://www.gorillawalker.com/the-youth-charter-how-communities-can-work-together-to-raise.pdf
    • http://www.gorillawalker.com/the-king-s-bishop.pdf
    • http://www.gorillawalker.com/kingfisher-children-s-illustrated-thesaurus.pdf
    • http://www.gorillawalker.com/the-farm-shop-cookbook.pdf
    • http://www.gorillawalker.com/mohammed-and-charlemagne-revisited-the-history-of-a-controversy.pdf
    • http://www.gorillawalker.com/islamic-buildings-the-architecture-of-islamic-mosques-in-china-library.pdf
    • http://www.gorillawalker.com/acid-base.pdf
    • http://www.gorillawalker.com/nancy-caroline-s-emergency-care-in-the-streets-2-volume.pdf
    • http://www.gorillawalker.com/german-monetary-theory-revisited.pdf
    • http://www.gorillawalker.com/le-tartuffe-french-edition.pdf
    • http://www.gorillawalker.com/vox-super-mini-medical-spanish-and-english-dictionary-vox-dicitonaries.pdf
    • http://www.gorillawalker.com/na-klar-2-arbeitsheft-direkt-lower.pdf
    • http://www.gorillawalker.com/play-making-a-manual-of-craftsmanship-1912.pdf
    • http://www.gorillawalker.com/a-dedicated-man-an-inspector-banks-novel-unabridged-audible-audio.pdf
    • http://www.gorillawalker.com/the-secret-in-defiance-a-coming-of-age-supernatural-thriller.pdf
    • http://www.gorillawalker.com/sublinear-algorithms-for-big-data-applications-springerbriefs-in-computer-science.pdf
    • http://www.gorillawalker.com/just-a-summer-fling-a-lake-sullivan-romance.pdf
    • http://www.gorillawalker.com/ib-physics-option-a-sight-and-wave-phenomena-standard-level.pdf
    • http://www.gorillawalker.com/how-to-get-the-best-out-of-your-man.pdf
    • http://www.gorillawalker.com/viral-marketing-kindle-edition.pdf
    • http://www.gorillawalker.com/diagnostic-cytology-hematology-of-the-horse.pdf
    • http://www.gorillawalker.com/art-experience-indira-gandhi-national-centre-for-the-arts.pdf
    • http://www.gorillawalker.com/the-walking-dead-1-gute-alte-zeit-german-edition-kindle.pdf
    • http://www.gorillawalker.com/riding-the-odds.pdf
    • http://www.gorillawalker.com/selena-gomez-the-ultimate-fan-book-2015-selena-gomez-facts.pdf
    • http://www.gorillawalker.com/installation-art-in-the-new-millennium-the-empire-of-the.pdf
    • http://www.gorillawalker.com/fundamentals-of-photoinduced-electron-transfer.pdf
    • http://www.gorillawalker.com/tudor-war-the-history-detective-investigates.pdf
    • http://www.gorillawalker.com/own-the-wind-a-chaos-novel.pdf
    • http://www.gorillawalker.com/em
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/