Malicious PDF — malware analysis report

Static analysis result for SHA-256 377438db3565e02b…

MALICIOUS

PDF

Size: 40.6 KB
Created: 2018-12-02 10:55:47 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: 1fd9c0b507451ed3355ad8de8db13517
SHA-1: 3e0aa07708b62b2d248d6c03a481b669940623e0
SHA-256: 377438db3565e02b244fc7332945acd24180a499af4a73ea115353024519ab89
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. No scripts were extracted, and the document body was not sufficiently readable to determine a specific lure. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.