Malicious PDF — malware analysis report

Static analysis result for SHA-256 490e9d66cd1f9659…

Verdict: MALICIOUS
File type: PDF
Size: 45.2 KB
Created: 2018-12-15 20:01:38 +03:00
Authoring application: Adobe Acrobat 8.3 Combine Files (via Adobe Acrobat 8.31 Paper Capture Plug-in)
MD5: 6fbd3de435426f700cddda7c389c6cc3
SHA-1: b290873f3e3978092ffa3123ecff3d1603a8b8eb
SHA-256: 490e9d66cd1f9659198279152c0fe348659a76879b2c28b3a41208b4d88c3a09
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and a critical heuristic identified it as a link farm containing 32 external URLs. The document body is heavily obfuscated and unreadable, but the presence of numerous links to seemingly unrelated PDF files hosted on the same domain suggests a coordinated effort to manipulate search engine rankings or distribute content from a central point. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.