Malicious PDF — malware analysis report

Static analysis result for SHA-256 44fcf636113ca6ec…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2018-12-15 20:01:34 +03:00
Authoring application: Adobe Acrobat 8.1 Combine Files (via Acrobat Distiller 8.1.0 (Windows))
MD5: d1a7c09abcec3b84b8c074065fa3433a
SHA-1: 42b9c30fe28c4e039d632af2be59f21b5b581e0e
SHA-256: 44fcf636113ca6ecf472735255fda1d2c3674d03799eb869753ad220f19781b8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern involves directing users to a wide array of external websites, likely for SEO manipulation or to host malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.