Malicious PDF — malware analysis report

Static analysis result for SHA-256 496b9f0999db2e9f…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-11-30 01:49:16 +03:00
Authoring application: - (via Acrobat Distiller 2.0 for Macintosh)
MD5: c45129e0e748e43db81b067e5828e4fa
SHA-1: 1547cc9d1e130f05047ef7061c49f659e48dfc09
SHA-256: 496b9f0999db2e9f653979ae057997bce0654fb1be5fa165ae4ba638bcaba22b
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, suggesting a link farm or SEO poisoning attempt. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.