Malicious PDF — malware analysis report

Static analysis result for SHA-256 2febd8eaf6c0841c…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-11-26 20:06:54 +03:00
Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
MD5: b8f24937e80ba726be3399df8316fb95
SHA-1: bcc34fbdeba5989b9078476d46c4c72e6a863ff4
SHA-256: 2febd8eaf6c0841ce2af7327b56c67731176b9934c9c6b259b61fd5ea432630e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this as malicious. The primary purpose appears to be SEO manipulation or acting as a gateway to distribute other malicious PDFs, rather than direct user interaction within this document. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.