Malicious PDF — malware analysis report

Static analysis result for SHA-256 2749b7ced4f9a3c2…

Verdict: MALICIOUS
File type: PDF

File size: 44.6 KB  Created: 2018-11-30 20:56:38 +03:00  Authoring application: PDFpen
MD5: cdd7a7c58e911546d30d9096d1bf07ec SHA-1: 41a686fb55e0f54c1bebc437befa0ddf01360c78 SHA-256: 2749b7ced4f9a3c2801e7fdbcb5391d6509c38c77a5bf2096baa57b28e73dffb
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.001 User Execution: Malicious Link

The PDF contains an unusually large number of external link annotations, which triggered the PDF_SEO_LINK_FARM heuristic; the ML classifier independently scored the document as malicious. The document body is heavily obfuscated, but the dozens of links to .pdf paths on a single host (www.gorillawalker.com) point to a link-farm or redirection strategy, most likely used to drive traffic or to stage further malicious content behind those URLs. No JavaScript or other scripts were extracted from this sample, so the risk lies in where the links lead rather than in code executing inside the PDF reader.
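The check behind a heuristic like PDF_SEO_LINK_FARM can be reproduced in a few lines. The following is an added example written for this page, not the analysis engine's own implementation: a standard-library-only scan that extracts /URI link actions from a PDF (including ones inside Flate-compressed streams), groups them by host, and flags the "small file, many external links, one dominant host" pattern. The thresholds, the hypothetical host www.example-linkfarm.test and the constructed sample PDF are all assumptions chosen for the example.

```python
# Added example (not the analysis engine's code): flag a small PDF whose /URI
# link actions cluster on one external host. Thresholds and the sample PDF are
# assumptions made for this illustration.
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

MAX_SIZE_BYTES = 100 * 1024   # assumed cut-off for a "small" PDF
MIN_EXTERNAL_LINKS = 20       # assumed minimum number of http(s) links
CLUSTER_RATIO = 0.8           # assumed share of links that must sit on the top host

# /URI (literal string) inside a link action; escaped parentheses are tolerated.
URI_STRING = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# Stream bodies; Flate-compressed ones are inflated so hidden annotations are seen.
STREAM_BODY = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def _searchable_bytes(pdf: bytes) -> bytes:
    """Raw file plus every stream body that inflates as zlib/FlateDecode."""
    parts = [pdf]
    for m in STREAM_BODY.finditer(pdf):
        try:
            # decompressobj tolerates the trailing EOL before 'endstream'
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed (e.g. an XMP packet) or a filter this scan ignores
    return b"\n".join(parts)


def extract_link_uris(pdf: bytes) -> list[str]:
    """Return every /URI action target found in the file or its Flate streams."""
    uris = []
    for m in URI_STRING.finditer(_searchable_bytes(pdf)):
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # simplified PDF string unescape
        uris.append(raw.decode("latin-1"))
    return uris


def assess_link_farm(pdf: bytes) -> dict:
    """Score the link-farm pattern: small file, many http(s) links, one host."""
    uris = [u for u in extract_link_uris(pdf) if urlparse(u).scheme in ("http", "https")]
    hosts = Counter(urlparse(u).netloc.lower() for u in uris)
    total = sum(hosts.values())
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / total if total else 0.0
    return {
        "size": len(pdf),
        "external_links": total,
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "pdf_seo_link_farm": len(pdf) <= MAX_SIZE_BYTES
        and total >= MIN_EXTERNAL_LINKS
        and share >= CLUSTER_RATIO,
    }


def build_sample_pdf(n_links: int, host: str = "www.example-linkfarm.test") -> bytes:
    """Constructed sample (not a real malware file): n link annotations on one
    host, one more hidden in a Flate stream, and an XMP packet whose namespace
    URIs must not be counted because they are not link actions."""
    objs = [b"%PDF-1.4\n"]
    for i in range(n_links):
        uri = b"http://%s/book-%d.pdf" % (host.encode(), i)
        objs.append(
            b"%d 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10]"
            b" /A << /S /URI /URI (%s) >> >>\nendobj\n" % (i + 10, uri)
        )
    hidden = zlib.compress(
        b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (http://other.test/x.pdf) >> >>"
    )
    objs.append(
        b"900 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n%s\nendstream\nendobj\n"
        % (len(hidden), hidden)
    )
    objs.append(
        b"901 0 obj\n<< /Type /Metadata /Subtype /XML >>\nstream\n"
        b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"'
        b' xmlns:dc="http://purl.org/dc/elements/1.1/"/>\nendstream\nendobj\n'
    )
    objs.append(b"%%EOF\n")
    return b"".join(objs)


if __name__ == "__main__":
    # 25 links on one host plus one hidden in a Flate stream -> flagged
    print(assess_link_farm(build_sample_pdf(25)))
```

The scan deliberately ignores the namespace URIs inside the XMP packet because they are not `/URI` actions, which is the same distinction a practitioner should apply to the metadata URLs listed further down in this report. It only handles literal-string `/URI (...)` targets and FlateDecode streams; hex-string targets, other filters, and annotations spread across object streams would need a real PDF parser such as pdfminer or pypdf, so treat this as triage logic rather than a complete detector.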

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-25-greatest-sports-conspiracy-theories-of-all-time-ranking.pdf
    • http://www.gorillawalker.com/resampling-methods-for-dependent-data-springer-series-in-statistics.pdf
    • http://www.gorillawalker.com/crowdfunding-nation-the-rise-and-evolution-of-collaborative-funding-kindle.pdf
    • http://www.gorillawalker.com/poison-arrows-north-american-indian-hunting-and-warfare.pdf
    • http://www.gorillawalker.com/luxe-ho-chi-minh-city-luxe-city-guides.pdf
    • http://www.gorillawalker.com/the-oregon-trail-sketches-of-prairie-and-rocky-mountain-life.pdf
    • http://www.gorillawalker.com/solution-oriented-hypnosis-an-ericksonian-approach.pdf
    • http://www.gorillawalker.com/pollution-of-ganga-river.pdf
    • http://www.gorillawalker.com/joy-of-backyard-boat-building.pdf
    • http://www.gorillawalker.com/1995-ford-ranger-electrical-and-vacuum-troubleshooting-manual.pdf
    • http://www.gorillawalker.com/measuring-the-water-status-of-plants-and-soils.pdf
    • http://www.gorillawalker.com/animation-master-a-complete-guide-graphics-series.pdf
    • http://www.gorillawalker.com/basic-engineering-physics-volume-i-wbtu.pdf
    • http://www.gorillawalker.com/hunting-season-the-execution-of-james-foley-islamic-state-and.pdf
    • http://www.gorillawalker.com/the-complete-on-board-celestial-navigator-2007-2011-edition-everything.pdf
    • http://www.gorillawalker.com/wolves-zoobooks.pdf
    • http://www.gorillawalker.com/the-absence-of-grand-strategy-the-united-states-in-the.pdf
    • http://www.gorillawalker.com/bartholomew-the-beast-kindle-edition.pdf
    • http://www.gorillawalker.com/what-katy-did-with-her-billionaire-boss-billionaire-bdsm-erotica.pdf
    • http://www.gorillawalker.com/grandparents-rights-with-forms.pdf
    • http://www.gorillawalker.com/legend-of-the-scarlet-blades.pdf
    • http://www.gorillawalker.com/a-catechism-of-familiar-things-their-history-and-the-events.pdf
    • http://www.gorillawalker.com/the-healthy-way-to-stretch-your-dog-a-physical-therapy.pdf
    • http://www.gorillawalker.com/atoms-chemicals-in-action.pdf
    • http://www.gorillawalker.com/archives-historiques-et-litt-raire-du-nord-de-la-france.pdf
    • http://www.gorillawalker.com/curries-and-bugles-a-memoir-cookbook-of-the-british-raj.pdf
    • http://www.gorillawalker.com/aulden-cellars-sotheby-s-finest-and-rarest-wines-catalogue-of.pdf
    • http://www.gorillawalker.com/communist-feminist-thoughts-and-notes-on-communism-and-feminism-kindle.pdf
    • http://www.gorillawalker.com/one-catholic-and-apostolic-samuel-seabury-and-the-early-episcopal.pdf
    • http://www.gorillawalker.com/integrative-cardiology-complementary-and-alternative-medicine-for-the-heart.pdf
    • http://www.gorillawalker.com/texas-history-state-studies-texas.pdf
    • http://www.gorillawalker.com/warm-pathogen-diseases-a-clinical-guide-revised-edition.pdf
    • http://www.gorillawalker.com/microworlds-teacher-s-resource-guide.pdf
    • http://www.gorillawalker.com/christmas-confessions-and-cocktails-a-humorous-holiday-memoir-with-sassy.pdf
    • http://www.gorillawalker.com/early-explorations-in-british-columbia-for-the-canadian-pacific-railway.pdf
    • http://www.gorillawalker.com/keep-calm-for-ladies-keep-calm-and-carry-on.pdf
    • http://www.gorillawalker.com/high-resolution-electron-microscopy-of-defects-in-materials-volume-183.pdf
    • http://www.gorillawalker.com/the-art-of-filo-cookbook.pdf
    • http://www.gorillawalker.com/criminal-behavior-theories-typologies-and-criminal-justice.pdf
    • http://www.gorillawalker.com/jack-in-a-box-the-hunt-for-jack-reacher-series.pdf
    The remaining nine URIs are XMP/RDF metadata namespace identifiers (RDF syntax, Dublin Core, Adobe XMP and PDF/A schemas) that appear in any PDF carrying an XMP packet; they are not link annotations and should not be counted toward the link-farm pattern:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/