Malicious PDF — malware analysis report

Static analysis result for SHA-256 28f6a836d4b1458f…

MALICIOUS

PDF

42.7 KB
Created: 2018-12-07 18:28:19 +03:00
Authoring application: XEP 4.4 build 20050610
MD5: bf440647f87516a1707ba4f678c55a6c
SHA-1: e0ae19d74bc90c4a85aa636fc8fb428274cb01b4
SHA-256: 28f6a836d4b1458f80e6322b013805605b3d0ea89750819c3699404e5382f4b1
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.