Malicious PDF — malware analysis report

Static analysis result for SHA-256 44765f182aca3bcc…

Verdict: MALICIOUS
File type: PDF
Size: 44.0 KB
Created: 2018-12-28 08:08:39 +03:00
Authoring application: QuarkXPress(R) 8.0
MD5: d9fa1933327eec8a50ee00dd9c474816
SHA-1: 5ddecb32db8f0efbff8c1789a6347ad72cd85651
SHA-256: 44765f182aca3bcc4e257c0636e20c4ded7f98fc6186aa4869e881913fddfbfd
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links all point to PDF files on the same domain, suggesting a tactic to artificially inflate search engine rankings or distribute content. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific malicious intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.