Malicious PDF — malware analysis report

Static analysis result for SHA-256 25d15ca3f38ade74…

MALICIOUS

PDF

File size: 46.8 KB
Created: 2019-03-17 06:37:51 +03:00
Authoring application: Adobe InDesign CS5_J (7.0.4) (via Acrobat Distiller 9.5.0 (Windows))
MD5: abdc482751b757a180429d60f3868ccf
SHA-1: 5798464a20bb7c58259d67604be177f083eb7ed0
SHA-256: 25d15ca3f38ade74ec48870670b09e9d7cc5bd6f3d95e371bcb700d0875b0254
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated but contains URLs pointing to the same domain, suggesting a link farm or redirection scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8518)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.