Malicious PDF — malware analysis report

Static analysis result for SHA-256 4d0900cbf7e2a45e…

MALICIOUS

PDF

Size: 41.2 KB
Created: 2019-03-17 10:25:26 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 522ccd2b9a6dd293560f2bf500003ba9
SHA-1: ec44394e678e8121b8344d666971173dda98e349
SHA-256: 4d0900cbf7e2a45e739163c560e0e7aade887080ab6fa066ed121695b509fb0f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the PDF as malicious. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly SEO spam or distribution of further malicious content. The primary IOCs are the URLs found within the document.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8872)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.