Malicious PDF — malware analysis report

Static analysis result for SHA-256 470a0707cfc3b6e3…

MALICIOUS

PDF

Size: 32.1 KB
Created: 2019-12-14 07:13:19 +03:00
Authoring application: Adobe Acrobat 10.1 (via Adobe Acrobat 10.1 Paper Capture Plug-in)
MD5: 44bc43ed43b53d73c3e46145602bc075
SHA-1: b58f6ee134355c5aa55253c796806bacc7e45511
SHA-256: 470a0707cfc3b6e369f776a42009025af2a0ee2faa49e8f1cf2f31536b585f7d
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO poisoning attack. The ML classifier also indicated a high probability of maliciousness. No scripts were extracted, and the document body was heavily obfuscated, but the sheer volume of links to seemingly unrelated PDF documents points to a deceptive or manipulative purpose.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.