Malicious PDF — malware analysis report

Static analysis result for SHA-256 493bfb703e7307a6…

MALICIOUS

PDF

Size: 41.0 KB
Created: 2018-12-28 08:09:12 +03:00
Authoring application: XSL Formatter V4.3 MR8 for Windows (via Acrobat Distiller 7.0.5 (Windows))
MD5: b3a3197145d142bbb0eeb3c88f250b28
SHA-1: a3999c25f3d25a953ce9063bf2008c0ac36b00f1
SHA-256: 493bfb703e7307a63a5b62f1d73ac05d3a7f5d48d33ae03e38f55e5e14bf93e9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF was flagged by an ML classifier and contains a large number of external links to other PDF files hosted on the same domain. This behavior is indicative of a link farm, potentially used for SEO manipulation or to distribute a variety of malicious documents. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the immediate intent beyond the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.