Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c550b0206a2aedc…

MALICIOUS

PDF

46.5 KB
Created: 2018-11-23 08:08:44 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 9.5.5 (Windows))
MD5: 6b57c665a12f865ddffe6c4d07cd3f3d
SHA-1: 3382fa0197921ab9aa563410262c858524d882b5
SHA-256: 4c550b0206a2aedc3bfae35472dcbbb4f94a87c8956b72868b63d4fc9180c0fc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated, preventing analysis of its specific content, but the link farm suggests a tactic to drive traffic to potentially malicious or SEO-manipulated content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8883

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.