Malicious PDF — malware analysis report

Static analysis result for SHA-256 46be0c9acecf0dec…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2018-11-30 20:57:00 +03:00
Authoring application: Acrobat Distiller 5.0 (Windows) (via Adobe PDF Library 9.9)
MD5: a8e7eb9de934f6904af96f0e8992ae55
SHA-1: 8e26216d1418537f619ca535f0e730d549584483
SHA-256: 46be0c9acecf0dec1bded5f0f1cda2df03524a9eaeaca1d60989940e5c39e551
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged for containing a large farm of external links, a common technique for SEO manipulation or distributing malicious content. The ML classifier also indicated a high probability of maliciousness. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.