Malicious PDF — malware analysis report

Static analysis result for SHA-256 4e1e4b4fdaef2ae3…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-11-14 08:37:07 +03:00
Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 188ce8c76631eb3d674de54ef6dee5ed
SHA-1: b2c0cc782489a99b51d4c62251b2d57f8b90246b
SHA-256: 4e1e4b4fdaef2ae3cda864af6a9fb177fd4446759fac0141a61d4bfc760b6e82
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links likely serve to direct users to malicious websites or to manipulate search engine results, a common tactic for distributing malware or conducting phishing campaigns.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.