Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c7aa5e5709cf785…

MALICIOUS

PDF

File size: 44.7 KB
Created: 2019-03-17 10:55:17 +03:00
Authoring application: FrameMaker 11.0 (via Acrobat Distiller 11.0 (Windows))
MD5: 75f7c38bfa92772cdc3c45bd96ea8473
SHA-1: 59cce03afb5bd57454c4ba93db8a3fcb096d165e
SHA-256: 4c7aa5e5709cf78573f195fb299eeba7683506028026aacc2b71404965586ee8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to various PDF documents on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or content distribution tactic. No scripts were extracted from this sample. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: verdict malicious, score 0.8600

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.