Malicious PDF — malware analysis report

Static analysis result for SHA-256 497dd1813337d957…

MALICIOUS

PDF

45.7 KB Created: 2018-12-05 11:09:23 +03:00 Authoring application: SYSTEM400 Rev 16.02 (via Acrobat Distiller 4.05 for Windows, Powered by PDF Polisher Pro 5.01 420)
MD5: edc06b1eb93310cbc4f4daeff0f52ffc SHA-1: dc4f4f7f6e3a1534844f59e4efa4a60ffe18caaa SHA-256: 497dd1813337d95712fe5ffe6c06464bfea144a39d6f92f0e9cdb717f2efc680
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDFs hosted on the same domain. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The document body itself is heavily obfuscated and does not provide clear textual clues, but the heuristic firings strongly suggest a malicious intent related to link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/perennial-combinations-stunning-combinations-that-make-your-garden-look-fantastic.pdf
    • http://www.gorillawalker.com/endless-forms-most-beautiful-the-new-science-of-evo-devo.pdf
    • http://www.gorillawalker.com/don-carlos-act-iii-ballet-de-la-reine-tuba-part.pdf
    • http://www.gorillawalker.com/surveying-fiberglass-sailboats-a-step-by-step-guide-for-buyers.pdf
    • http://www.gorillawalker.com/help-i-m-leading-worship-worship-book.pdf
    • http://www.gorillawalker.com/anti-tumour-necrosis-factor-therapy-in-inflammatory-bowel-disease-frontiers.pdf
    • http://www.gorillawalker.com/the-seventh-sword-psychic-quest-for-king-arthur-s-sword.pdf
    • http://www.gorillawalker.com/dk-adventures-in-the-shadow-of-the-volcano.pdf
    • http://www.gorillawalker.com/miley-cyrus-this-is-her-life.pdf
    • http://www.gorillawalker.com/voyages-de-grande-croisiere-french-edition.pdf
    • http://www.gorillawalker.com/eternity-of-eagles-the-human-history-of-the-most-fascinating.pdf
    • http://www.gorillawalker.com/re-discovering-the-ministry-of-the-evangelist.pdf
    • http://www.gorillawalker.com/the-color-of-rain.pdf
    • http://www.gorillawalker.com/accidents-of-nature-kindle-edition.pdf
    • http://www.gorillawalker.com/sm-algebra-trigonometry-aie.pdf
    • http://www.gorillawalker.com/dan-eldon-safari-as-a-way-of-life.pdf
    • http://www.gorillawalker.com/the-consumer-compliance-handbook-price-waterhouse.pdf
    • http://www.gorillawalker.com/taxonomy-and-paleoecology-of-early-miocene-benthic-formainifera-of-northern.pdf
    • http://www.gorillawalker.com/freak-of-nurture.pdf
    • http://www.gorillawalker.com/oh-say-can-you-say-what-s-the-weather-today.pdf
    • http://www.gorillawalker.com/dark-lover-black-dagger-brotherhood-book-1.pdf
    • http://www.gorillawalker.com/the-fly-fisher-s-guide-to-warmwater-lakes.pdf
    • http://www.gorillawalker.com/still-smiling-a-conversation-with-a-prostate-cancer-survivor.pdf
    • http://www.gorillawalker.com/hartrampf-s-vocabularies-synonyms-antonyms-relatives.pdf
    • http://www.gorillawalker.com/insufficient-funds-savings-assets-credit-and-banking-among-low-income.pdf
    • http://www.gorillawalker.com/neuronal-cell-culture-methods-and-protocols-methods-in-molecular-biology.pdf
    • http://www.gorillawalker.com/charter-schools-the-ultimate-handbook-for-parents.pdf
    • http://www.gorillawalker.com/loose-leaf-version-of-chemistry-with-connect-access-card.pdf
    • http://www.gorillawalker.com/professional-driving-techniques-teachers-guide-driver-s-education.pdf
    • http://www.gorillawalker.com/the-attributes-of-god-volume-2.pdf
    • http://www.gorillawalker.com/advances-in-mobile-and-wireless-communications-views-of-the-16th.pdf
    • http://www.gorillawalker.com/mediating-between-heaven-and-earth-communication-with-the-divine-in.pdf
    • http://www.gorillawalker.com/baby-animals-on-the-farm-rookie-toddler.pdf
    • http://www.gorillawalker.com/daddy-doesn-t-live-here-anymore.pdf
    • http://www.gorillawalker.com/snowboarding-the-essential-guide-to-equipment-and-techniques-by-goldman.pdf
    • http://www.gorillawalker.com/crave-atlanta-the-urban-girl-s-manifesto.pdf
    • http://www.gorillawalker.com/classical-and-quantum-effects-in-electrodynamics-horizons-in-world-physics.pdf
    • http://www.gorillawalker.com/summer-queen.pdf
    • http://www.gorillawalker.com/the-holy-spirit-a-pentecostal-interpretation.pdf
    • http://www.gorillawalker.com/phim-2-intro-and-intermediate-algebra-software.pdf
    • http://www.gorillawalker.com/anti-tumour-necrosis-factor-therapy-in-inflammatory-bowel-disease-front
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.