Malicious PDF — malware analysis report

Static analysis result for SHA-256 42af798577eb8d74…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2018-11-30 01:49:24 +03:00
Authoring application: Acrobat PDFMaker 7.0.7 for Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: 2b275fb59b03291dbf78a6d87be4144a
SHA-1: fea0ede99f41abcf625581510fa71c5f0f6b7549
SHA-256: 42af798577eb8d742333c69d88b2083a09fbec069504b590dda7bcad6e700039
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, characteristic of a link farm or a distribution mechanism for further malicious content. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.