Malicious PDF — malware analysis report

Static analysis result for SHA-256 3bfbe0867e068e0b…

MALICIOUS

PDF

42.0 KB Created: 2018-11-15 18:32:47 +03:00 Authoring application: Adobe InDesign CS3 (5.0.4) (via Adobe PDF Library 8.0)
MD5: fcb2237118270cac880a11a594ab2cb0 SHA-1: 926984656a789332dc56010e094f0f7cedd7dbc7 SHA-256: 3bfbe0867e068e0bc5e1f04b31c75248888679a04ce2d120846704a66f842857
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier (malicious score 0.9181) and by a critical heuristic for carrying an unusually large number of external links. The extracted link targets all point to other PDF documents on the same host, which matches a generated SEO link farm used to route a user into further malicious or unwanted-software downloads rather than a normal citation pattern. No JavaScript or other scripts were extracted from this sample, and the document body was heavily obfuscated, so the specific lure could not be characterised further by static analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels (not reproduced here) record which channel (macro, JS, link annotation, document body, ...) reached each URL. The entries ending the list below that point at w3.org, purl.org, ns.adobe.com and aiim.org are XMP/RDF namespace identifiers from the document's metadata stream, not clickable links; the gorillawalker.com entries are the single-host cluster that the link-farm heuristic above refers to.
    • http://www.gorillawalker.com/sonata-i-music-scores.pdf
    • http://www.gorillawalker.com/gasdynamics-of-engines.pdf
    • http://www.gorillawalker.com/advanced-thermoset-composites-industrial-and-commercial-applications.pdf
    • http://www.gorillawalker.com/cyber-crimes-crime-justice-punishment.pdf
    • http://www.gorillawalker.com/oil-painting-portraits-art-school.pdf
    • http://www.gorillawalker.com/early-devon-maps-friends-of-devon-s-archives-occasional-publications.pdf
    • http://www.gorillawalker.com/rand-mcnally-tallahassee-easyfinder-map-rand-mcnally-easyfinder.pdf
    • http://www.gorillawalker.com/sports-illustrated-in-the-paint.pdf
    • http://www.gorillawalker.com/stories-from-africa-tsi-na-atsie.pdf
    • http://www.gorillawalker.com/would-you-teach-a-fish-to-climb-a-tree-a.pdf
    • http://www.gorillawalker.com/cam-jansen-and-the-valentine-baby-mystery.pdf
    • http://www.gorillawalker.com/crocodile-tears.pdf
    • http://www.gorillawalker.com/posing-guide-for-wedding-photographers-an-uncommon-template-for-the.pdf
    • http://www.gorillawalker.com/microwave-devices-device-circuit-interactions-wiley-series-in-solid-state.pdf
    • http://www.gorillawalker.com/discover-your-voice-how-to-develop-healthy-voice-habits.pdf
    • http://www.gorillawalker.com/spelling-rules-magic-of-language.pdf
    • http://www.gorillawalker.com/the-murder-road-a-cooper-fry-mystery-cooper-fry-mysteries.pdf
    • http://www.gorillawalker.com/christianity-101.pdf
    • http://www.gorillawalker.com/collaborative-divorce-the-revolutionary-new-way-to-restructure-your-family.pdf
    • http://www.gorillawalker.com/the-albigen-papers.pdf
    • http://www.gorillawalker.com/a-first-collection-of-bible-stories-and-stickers-daniel-jonah.pdf
    • http://www.gorillawalker.com/the-dancer-s-book-of-ballet-from-student-to-ballerina.pdf
    • http://www.gorillawalker.com/life-beside-itself-imagining-care-in-the-canadian-arctic.pdf
    • http://www.gorillawalker.com/sopas-spanish-edition.pdf
    • http://www.gorillawalker.com/spoken-here-travels-among-threatened-languages.pdf
    • http://www.gorillawalker.com/the-bus-for-us-nuestro-autobus.pdf
    • http://www.gorillawalker.com/greek-language-people-language-and-people.pdf
    • http://www.gorillawalker.com/anthologizing-canadian-literature-theoretical-and-cultural-perspectives-digital.pdf
    • http://www.gorillawalker.com/surrounded-by-geniuses-unlocking-the-brilliance-in-yourself-your-colleagues.pdf
    • http://www.gorillawalker.com/mod-les-al-atoires-applications-aux-sciences-de-l-ing.pdf
    • http://www.gorillawalker.com/le-villi-vocal-score-italian-a4604.pdf
    • http://www.gorillawalker.com/kiss-blue-volume-1-yaoi-v-1.pdf
    • http://www.gorillawalker.com/biblical-life-prayer-dynamics-study-guide.pdf
    • http://www.gorillawalker.com/the-boston-globe-guide-to-boston-boston-globe-guide-to.pdf
    • http://www.gorillawalker.com/not-all-bonnets-and-bustles-victorian-women-travellers-in-africa.pdf
    • http://www.gorillawalker.com/kitesurfing-extreme-sports-fitway-publishing.pdf
    • http://www.gorillawalker.com/lectionary-scenes-58-vignettes-for-cycle-b.pdf
    • http://www.gorillawalker.com/safe-in-his-arms-under-texas-stars.pdf
    • http://www.gorillawalker.com/the-mammoth-book-of-lesbian-erotic-stories-42-naughty-sexy.pdf
    • http://www.gorillawalker.com/latino-fiction-and-the-modernist-imagination-literature-of-the-borderlands.pdf
    • http://www.gorillawalker
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
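The link-farm heuristic above is simple enough to reproduce. The following is an added example written for this page, not the scanner's own code, showing how to pull /URI link-annotation targets out of raw PDF bytes, count how many of them are external .pdf links on a single host, and apply size and clustering thresholds. The thresholds (100 KB, 20 links, 80 % on one host), the host names (farm.example, other.example, mirror.example, doi.example) and the builder function are assumptions chosen for illustration; the sample PDF it analyses is constructed inline and is not the file in this report. Because only /URI actions are counted, the XMP namespace URIs embedded in the constructed metadata stream are ignored, which is the distinction the EMBEDDED_URL note makes.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# /URI literal-string entries inside link-annotation actions. Handles backslash
# escapes inside the string; hex-string (<...>) URIs and annotations stored in
# compressed object streams are NOT handled, so a production pipeline should
# decompress with a real PDF parser first.
_URI_RE = re.compile(rb'/URI\s*\(((?:\\.|[^\\)])*)\)', re.DOTALL)


def extract_link_uris(pdf_bytes):
    """URIs from /URI link actions only (not XMP metadata, not page text)."""
    out = []
    for m in _URI_RE.finditer(pdf_bytes):
        raw = m.group(1)
        raw = raw.replace(b'\\(', b'(').replace(b'\\)', b')').replace(b'\\\\', b'\\')
        out.append(raw.decode('latin-1'))
    return out


def link_farm_verdict(pdf_bytes, max_size=100_000, min_pdf_links=20, cluster_ratio=0.8):
    """Assumed thresholds: small file, many external .pdf links, mostly one host."""
    uris = extract_link_uris(pdf_bytes)
    external = [u for u in uris if urlparse(u).scheme in ('http', 'https')]
    pdf_links = [u for u in external if urlparse(u).path.lower().endswith('.pdf')]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    ratio = top_count / len(pdf_links) if pdf_links else 0.0
    hit = (len(pdf_bytes) <= max_size
           and len(pdf_links) >= min_pdf_links
           and ratio >= cluster_ratio)
    return {'size': len(pdf_bytes), 'link_uris': len(uris),
            'external_pdf_links': len(pdf_links), 'top_host': top_host,
            'top_host_ratio': round(ratio, 3), 'hit': hit}


def build_sample_pdf(urls):
    """Constructed test input: one-page PDF with one link annotation per URL
    plus an XMP metadata stream carrying the usual namespace URIs."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
           b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           b'<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/" '
           b'xmlns:xmp="http://ns.adobe.com/xap/1.0/" '
           b'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>'
           b'</rdf:RDF></x:xmpmeta>')
    objs = [b'<< /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >>',
            b'<< /Type /Pages /Kids [4 0 R] /Count 1 >>',
            b'<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n' % len(xmp)
            + xmp + b'\nendstream']
    refs = b' '.join(b'%d 0 R' % (5 + i) for i in range(len(urls)))
    objs.append(b'<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ['
                + refs + b'] >>')
    for i, u in enumerate(urls):
        esc = u.replace('\\', '\\\\').replace('(', '\\(').replace(')', '\\)')
        y = 700 - 12 * i
        objs.append(b'<< /Type /Annot /Subtype /Link /Rect [72 %d 540 %d] '
                    b'/Border [0 0 0] /A << /S /URI /URI (%s) >> >>'
                    % (y, y + 10, esc.encode('latin-1')))
    body = b'%PDF-1.4\n'
    offsets = []
    for n, o in enumerate(objs, 1):
        offsets.append(len(body))
        body += b'%d 0 obj\n' % n + o + b'\nendobj\n'
    xref = len(body)
    body += b'xref\n0 %d\n0000000000 65535 f \n' % (len(objs) + 1)
    for off in offsets:
        body += b'%010d 00000 n \n' % off
    body += (b'trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n'
             % (len(objs) + 1, xref))
    return body


# Constructed inputs (placeholder hosts, not the analysed file's targets):
# 25 .pdf links on one host plus two stray links elsewhere, and a benign control.
FARM_URLS = [f'http://farm.example/{w}-{i}.pdf'
             for i, w in enumerate(['sonata', 'engines', 'maps', 'ballet', 'prayer'] * 5)]
FARM_URLS += ['http://other.example/index.html', 'https://mirror.example/one.pdf']
BENIGN_URLS = ['https://doi.example/paper.pdf', 'https://www.w3.org/TR/']

if __name__ == '__main__':
    print(link_farm_verdict(build_sample_pdf(FARM_URLS)))
    print(link_farm_verdict(build_sample_pdf(BENIGN_URLS)))
```

On the constructed farm sample the verdict reports 26 external .pdf links with 25 of them on farm.example (ratio 0.962) and hit = True, while the two-link control stays below the threshold. For a real triage pass, run the same counting over the annotation list produced by a full PDF parser (pypdf, pdfminer.six, or peepdf) so that annotations inside object streams are seen, and compare the host cluster against the document's stated producer; a 42 KB InDesign-produced brochure with forty same-host .pdf links is exactly the profile this heuristic targets.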