Malicious PDF — malware analysis report

Static analysis result for SHA-256 3022abc84892974f…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-12-07 18:28:59 +03:00
Authoring application: dvips 5.72 Copyright 1997 Radical Eye Software (www.radicaleye.com) (via Acrobat Distiller 5.0.5 (Windows))
MD5: 47f0dd0910447c25f8faffe165a5691b
SHA-1: 89fd636e573658fa3adbac9e070bc9784fd7c5dc
SHA-256: 3022abc84892974fc8cb3136b2e27b2421ee10e9f59f92ff08b6ce1688513b87
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of external links, indicating a potential link farm or distribution mechanism. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a coordinated effort to host or link to malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.