Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c8d8d70e8e06152…

Verdict: MALICIOUS
File type: PDF
Size: 42.0 KB
Created: 2018-12-07 18:27:43 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.2 (Windows))
MD5: 49079ed79c3d487af54e6de4bcca2ec6
SHA-1: 5df71d6442f005eaaf2f0f6b675728ecbfc4e827
SHA-256: 4c8d8d70e8e0615240f5c1f3cb0bcf00f9c1ef1dacb71ab6681ba666706a4a8a
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be the distribution of a large link farm, which could be used for SEO manipulation or to direct users to malicious sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8698

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.