Malicious PDF — malware analysis report

Static analysis result for SHA-256 457689be5cf46e4c…

MALICIOUS

PDF

  • Size: 40.4 KB
  • Created: 2018-12-28 08:16:54 +03:00
  • Authoring application: - (via Acrobat Web Capture 5.0)
  • MD5: a9732bc77874285175c88763d9ec12c1
  • SHA-1: d04d58b3d476ee168f7f5bcf909889e15efd21b0
  • SHA-256: 457689be5cf46e4caebe703d24883f4d189a4036bb594140a2e663e476922269
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The document body is heavily obfuscated and unreadable, but the presence of numerous links to a single domain suggests a coordinated effort either to direct users to potentially malicious content or to carry out SEO manipulation. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.