Malicious PDF — malware analysis report

Static analysis result for SHA-256 3eb20903c88b3c33…

Verdict: MALICIOUS

File type: PDF

Size: 40.9 KB
Created: 2018-12-14 21:13:10 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 5.0 (Windows))
(Creation time and authoring application are read from the document's own /Info and XMP metadata, which the producer controls; treat them as a pivot for clustering related samples, not as trustworthy provenance.)
MD5: a299d7b659e950bcc9880eeacb9f5721
SHA-1: 8076069c62bfb12a819875121a5abac572ed4a78
SHA-256: 3eb20903c88b3c338cfa7cbf1e462901f7c1ab958570de79d89d573402b47495
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.001 User Execution: Malicious Link

The PDF carries 40 URLs that all point at .pdf files on a single host, www.gorillawalker.com, which is what triggered the PDF_SEO_LINK_FARM heuristic; the ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence (score 0.8872). The pattern is a generated SEO link-farm carrier rather than a document that cites sources: the file exists to route users or crawlers to that host, which can in turn serve unwanted software or other malicious content. No JavaScript or other scripts were extracted from this sample, so no script-based payload was found in the file itself; the risk lies in what the external host serves when a link is followed, and the gorillawalker.com URLs are the indicators to block or investigate.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Of the 49 URLs below, the first 40 all point at .pdf files on www.gorillawalker.com and are the link-farm payload; the last nine (w3.org, purl.org, ns.adobe.com, aiim.org) are standard XML namespace identifiers from the document's XMP metadata packet, not clickable links, and should not be treated as indicators.
    • http://www.gorillawalker.com/weight-watchers-in-20-minutes-spiral-bound.pdf
    • http://www.gorillawalker.com/crete-archaeology-history.pdf
    • http://www.gorillawalker.com/volterra-and-integral-equations-of-vector-functions-chapman-hall-crc.pdf
    • http://www.gorillawalker.com/phosphor-handbook-laser-and-optical-science-and-technology.pdf
    • http://www.gorillawalker.com/tishomingo-blues.pdf
    • http://www.gorillawalker.com/predator-flesh-and-blood.pdf
    • http://www.gorillawalker.com/commentaries-on-u-p-consolidation-of-holdings-act-u-p.pdf
    • http://www.gorillawalker.com/nepos-judean-adventure-kindle-edition.pdf
    • http://www.gorillawalker.com/the-fihrist-of-al-nadim-a-tenth-century-survey-of.pdf
    • http://www.gorillawalker.com/bitcoin-detective-kindle-edition.pdf
    • http://www.gorillawalker.com/in-the-know-in-the-usa-the-indispensable-guide-to.pdf
    • http://www.gorillawalker.com/bermuda-on-a-budget.pdf
    • http://www.gorillawalker.com/telephone-switching-apparatus-in-israel-download-pdf-digital.pdf
    • http://www.gorillawalker.com/between-a-rock-and-a-hard-place-paranormal-bbw-romance.pdf
    • http://www.gorillawalker.com/spanish-traditional-ballads-romances-viejos-espa-oles-dual-language-books.pdf
    • http://www.gorillawalker.com/modernist-photographs-from-the-national-gallery-of-canada.pdf
    • http://www.gorillawalker.com/low-carb-ing-among-friends-volume-5-100-gluten-free.pdf
    • http://www.gorillawalker.com/advances-in-chemical-physics-vol-77.pdf
    • http://www.gorillawalker.com/sterling-biographies.pdf
    • http://www.gorillawalker.com/urology-an-illustrated-colour-text-1e.pdf
    • http://www.gorillawalker.com/medicinal-plants-of-eastern-and-central-north-america-peterson-field.pdf
    • http://www.gorillawalker.com/comprehensive-catalog-of-confederate-paper-money.pdf
    • http://www.gorillawalker.com/fast-forward-how-women-can-achieve-power-and-purpose.pdf
    • http://www.gorillawalker.com/the-media-enthralled-singapore-revisited.pdf
    • http://www.gorillawalker.com/from-the-plantation-to-the-prison-african-american-confinement-literature.pdf
    • http://www.gorillawalker.com/praxis-fundamental-subjects-0511-xam-praxis.pdf
    • http://www.gorillawalker.com/bowling-10-keys-to-success.pdf
    • http://www.gorillawalker.com/war-and-work-the-autobiography-of-thurman-i-miller.pdf
    • http://www.gorillawalker.com/judaism-religion-in-focus-hardcover.pdf
    • http://www.gorillawalker.com/dichter-und-bauer-overture-tuba-part-qty-4-a2143.pdf
    • http://www.gorillawalker.com/take-your-kids-to-europe-how-to-travel-safely-and.pdf
    • http://www.gorillawalker.com/heartsaver-aed-anytime-dvd-personal-learning-program.pdf
    • http://www.gorillawalker.com/un-ebook-pour-un-salaire-comment-gagner-de-l-argent.pdf
    • http://www.gorillawalker.com/hymn-duets-piano-solo-duet-philli-keveren-series-phillip-keveren.pdf
    • http://www.gorillawalker.com/complete-digital-photography-8th.pdf
    • http://www.gorillawalker.com/unmasking-the-marquess-a-hold-your-breath-novel-kindle-edition.pdf
    • http://www.gorillawalker.com/food-for-thought-daily-meditations-for-overeaters.pdf
    • http://www.gorillawalker.com/mycenae-agamemnon-s-capital.pdf
    • http://www.gorillawalker.com/texts-from-the-buddhist-canon-commonly-known-as-dhammapada-primary.pdf
    • http://www.gorillawalker.com/lo-que-si-har-crecer-tu-cabello-m-todos-naturales.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
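To make the two heuristics above concrete, here is an added worked example, written for this page and not the vendor's scanner code. It builds a constructed, uncompressed test PDF whose page carries one /Link annotation with a /URI action per URL plus an XMP metadata stream, then separates the URLs a reader would actually follow (the /URI actions) from every URL string in the file (which also sweeps up the XMP namespace URIs, exactly as the EMBEDDED_URL list above does), and applies a re-implementation of the PDF_SEO_LINK_FARM idea: small file, many external .pdf links, most of them on one host. The host names link-farm.example and other.example, the thresholds, and all function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Namespace URIs that live in the XMP metadata packet, not in link annotations.
# The report's EMBEDDED_URL list ends with entries of exactly this kind.
XMP_NAMESPACES = (
    "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
    "http://purl.org/dc/elements/1.1/",
    "http://ns.adobe.com/xap/1.0/",
    "http://ns.adobe.com/pdf/1.3/",
)

# Constructed input (assumed host names): 24 external .pdf links on one host plus
# one stray link elsewhere, mirroring the single-host clustering seen in the sample.
SAMPLE_URLS = [f"http://link-farm.example/title-{i:02d}.pdf" for i in range(24)] + [
    "http://other.example/reference.pdf",
]


def build_sample_pdf(urls, xmp_namespaces=XMP_NAMESPACES):
    """Build a minimal uncompressed one-page PDF: one /Link annotation with a
    /URI action per URL, plus an XMP /Metadata stream declaring the namespaces.
    Test fixture only; URLs must not contain unbalanced parentheses."""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        None,  # page object, filled in once the annotation numbers are known
        None,  # XMP metadata stream
    ]
    annots = []
    for u in urls:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
                    b"/A << /S /URI /URI (" + u.encode() + b") >> >>")
        annots.append(b"%d 0 R" % len(objs))  # object numbers are 1-based
    objs[2] = (b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
               + b" ".join(annots) + b"] >>")
    xmp = (b"<x:xmpmeta xmlns:x='adobe:ns:meta/'><rdf:RDF "
           + b" ".join(b"xmlns:ns%d='%s'" % (i, ns.encode())
                       for i, ns in enumerate(xmp_namespaces))
           + b"/></x:xmpmeta>")
    objs[3] = (b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp)
               + xmp + b"\nendstream")
    out = b"%PDF-1.4\n"
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref_at))
    return out


# /URI (...) inside a URI action: the link a reader actually follows on click.
URI_ACTION = re.compile(rb"/URI\s*\(([^)]*)\)")
# Any http(s) URL string anywhere in the file, XMP namespaces included.
ANY_URL = re.compile(rb"https?://[^\s<>\"'()]+")


def extract_uri_actions(pdf_bytes):
    """Clickable targets: URLs carried by /URI actions on link annotations."""
    return [m.group(1).decode("latin-1") for m in URI_ACTION.finditer(pdf_bytes)]


def extract_any_urls(pdf_bytes):
    """Every URL string in the file; overcounts because XMP namespace URIs match too."""
    return [m.group(0).decode("latin-1") for m in ANY_URL.finditer(pdf_bytes)]


def link_farm_verdict(pdf_bytes, min_links=20, min_host_share=0.8, max_size=256 * 1024):
    """Re-implementation of the PDF_SEO_LINK_FARM idea (assumed thresholds, not the
    vendor's rule): a small file, many clickable external .pdf links, most of them
    clustered on a single host."""
    links = extract_uri_actions(pdf_bytes)
    hosts = Counter(urlsplit(u).hostname for u in links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    pdf_links = sum(1 for u in links if urlsplit(u).path.lower().endswith(".pdf"))
    verdict = {
        "size": len(pdf_bytes),
        "clickable_links": len(links),
        "pdf_links": pdf_links,
        "top_host": top_host,
        "top_host_share": top_count / len(links) if links else 0.0,
    }
    verdict["link_farm"] = (len(pdf_bytes) <= max_size
                            and pdf_links >= min_links
                            and verdict["top_host_share"] >= min_host_share)
    return verdict


if __name__ == "__main__":
    sample = build_sample_pdf(SAMPLE_URLS)
    print(len(extract_any_urls(sample)), "URL strings in the file")
    print(len(extract_uri_actions(sample)), "of them are clickable /URI actions")
    print(link_farm_verdict(sample))
```

The regex extraction only sees uncompressed objects. A real sample whose annotations sit inside FlateDecode streams or object streams has to be normalized first (for example with qpdf --qdf or a library such as pikepdf) before the same /URI-action count and host-share check are applied; the XMP packet is where the w3.org, purl.org, ns.adobe.com and aiim.org URIs come from, which is why a plain URL regex over the file reports more URLs than there are clickable links.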