Malicious PDF — malware analysis report

Static analysis result for SHA-256 2c0de44b68b27f8e…

MALICIOUS

PDF

File size: 45.1 KB
Created: 2018-12-15 08:52:56 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 8.1.0 (Windows))
MD5: cec1e0f3cb765cc2cfd70df96c218eb4
SHA-1: 688738faeb242346e5cdabbfb30a583b4e6db7a8
SHA-256: 2c0de44b68b27f8e71e80cb10ab8a11d5f3a8c5e7ec1407d872ca17841b1983a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a website hosting numerous PDF documents, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.