Malicious PDF — malware analysis report

Static analysis result for SHA-256 3d7207e1d64b2219…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2018-12-15 20:01:10 +03:00
Authoring application: Arbortext Publishing Engine (via PDFlib+PDI 8.0.2p1 (Win32))
MD5: aabaa02fdaae02226c5d91c248aadae7
SHA-1: 88be62b59940e7b66ff653d909081379c892cb80
SHA-256: 3d7207e1d64b221987550a36ef8ccbcf2286ff2baedbf15e48e856760b43e756
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high score. The document body is heavily obfuscated and unreadable, but the large number of links suggests malicious intent, possibly SEO manipulation or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.