Malicious PDF — malware analysis report

Static analysis result for SHA-256 2888437736b809c8…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-11-23 08:08:51 +03:00
Authoring application: Adobe InDesign CS5_J (7.0.4) (via Acrobat Distiller 9.5.0 (Windows))
MD5: db56fd48e4bdc33b8f969c0bea5897e1
SHA-1: f9c910043cc4f8a34c62b4cdfef896442be6f1d6
SHA-256: 2888437736b809c8ca8777747acbbdbd515806ff0be525457846a459136769ae
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also indicated a high probability of maliciousness. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a link farm or a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.