Malicious PDF — malware analysis report

Static analysis result for SHA-256 480fe1c30abd0f19…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-11-15 19:34:21 +03:00
Authoring application: dvipsk 5.58f Copyright 1986, 1994 Radical Eye Software (via Acrobat Distiller 3.0 f r Macintosh)
MD5: 2b9f06e7ae2a93acbfe11d8d92a9077b
SHA-1: a25e8d7b81019f2450ab01575cc8ebaa290d099c
SHA-256: 480fe1c30abd0f195ecd678203933649c40da8008a42fe094f6135b2b0ae040e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. The document body contains numerous URLs pointing to external PDF files, suggesting a link farm or redirection strategy. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.