Malicious PDF — malware analysis report

Static analysis result for SHA-256 426ceff59da11739…

MALICIOUS

PDF

Size: 46.2 KB
Created: 2018-11-25 20:20:30 +03:00
Authoring application: - (via Adobe Acrobat 10.0 Paper Capture Plug-in)
MD5: cff856d5b13424d3142bf6a198b4b104
SHA-1: 5643fd9fb7a056e5c5004b62398c0431c3ae3687
SHA-256: 426ceff59da1173925e4fdab2217efadf1f360f911bf18c70f34b10917dee7b6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs likely serve as a link farm, potentially for SEO manipulation or to redirect users to malicious websites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.