Malicious PDF — malware analysis report

Static analysis result for SHA-256 3306e7b4ca36484f…

MALICIOUS

PDF

43.9 KB
Created: 2019-02-14 08:12:44 +03:00
Authoring application: Adobe InDesign CS2_J (4.0.5) (via Adobe PDF Library 7.0)
MD5: bca9fd642539e488745eef3edd704750
SHA-1: 6924cf84dcc0adc5c3249ff9614e7ec9aa7a7759
SHA-256: 3306e7b4ca36484f134b5e1a4dbda22fa3ca74df55c0917318a10c5d17628e5b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

A heuristic fired on this PDF for a large number of embedded external links, suggesting a link farm or a distribution mechanism for other malicious content. The ML classifier also flagged the PDF as malicious. No scripts were extracted, but the sheer volume of linked PDFs points toward malicious intent, likely related to SEO manipulation or distributing further malware. The embedded URLs are the primary IOCs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.