Malicious PDF — malware analysis report

Static analysis result for SHA-256 43eadc306a3baa0c…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2019-05-24 00:41:48 +03:00
Authoring application: Adobe Acrobat 8.1 Combine Files (via Acrobat Distiller 8.1.0 (Windows))
MD5: 7c036601e021bad60b6b8a71214dd907
SHA-1: 9d3b7f965e1e9ffd20050d04b75885126d29376d
SHA-256: 43eadc306a3baa0c273aeeddc1b96d517af3b3ab47e2f42a15df93de259100e1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and provides no clear textual lure, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.