Malicious PDF — malware analysis report

Static analysis result for SHA-256 466824ddbebe86bc…

MALICIOUS

PDF

Size: 46.2 KB
Created: 2018-11-28 08:46:18 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 5.0 (Windows))
MD5: 866cc6e53a45226cc823f30604422dee
SHA-1: d03f7f0318bb36a288fa1ec5b9b98dd51145e573
SHA-256: 466824ddbebe86bcd94b3dbe57b43505525dc5decf35db4214d748476acd039e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to a single domain. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.