Malicious PDF — malware analysis report

Static analysis result for SHA-256 444bd3f30301d961…

Verdict: MALICIOUS

File type: PDF

Size: 33.7 KB
Created: 2019-09-02 22:01:08 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: 0d9f41bbb9a978ec240506046bdfa77f
SHA-1: 7b4ce15e20b165a2fab6d1bb834802bf63604bb3
SHA-256: 444bd3f30301d9616068bd3084da6fc4f3274883789cf82a9cd0029a129f4404
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links likely serve as a lure to redirect users to malicious content or phishing pages. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the document. No scripts were extracted from this sample, and the document body was not sufficiently readable to determine a specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.