Malicious PDF — malware analysis report

Static analysis result for SHA-256 4eac2785bbb2f712…

Verdict: MALICIOUS
File type: PDF
Size: 43.1 KB
Created: 2018-11-15 18:32:07 +03:00
Authoring application: QuarkXPress(R) 9.54
MD5: cf3188b32ba7fa851bd81deeb4bb0654
SHA-1: 9987c32f20c1ccf83921f19ae8d4a5f4aece72f4
SHA-256: 4eac2785bbb2f712a4bae886e3b3badcb0d34949455e01a3c31c32fed2d2a136
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links identified. The ML classifier also strongly indicated maliciousness. The embedded URLs point to various documents on the same domain, suggesting a coordinated effort to distribute content or redirect users.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/rapid-assessment-process-an-introduction.pdf
    • http://www.gorillawalker.com/the-emergence-of-a-tradition-technical-writing-in-the-english.pdf
    • http://www.gorillawalker.com/lutheranism-anti-judaism-and-bach-s-st-john-passion-with.pdf
    • http://www.gorillawalker.com/pocket-billiards-naughty-shenanigans.pdf
    • http://www.gorillawalker.com/forbidden-city-china-s-imperial-palace-castles-palaces-tombs.pdf
    • http://www.gorillawalker.com/a-double-treat-43.pdf
    • http://www.gorillawalker.com/problems-of-democratic-transition-and-consolidation-southern-europe-south-america.pdf
    • http://www.gorillawalker.com/mechanical-design-of-heat-exchangers-and-pressure-vessel-components.pdf
    • http://www.gorillawalker.com/voegelin-on-the-idea-of-race-an-analysis-of-modern.pdf
    • http://www.gorillawalker.com/laser-and-bose-einstein-condensation-physics.pdf
    • http://www.gorillawalker.com/making-soft-pastels-recipe-book-english-and-german-edition.pdf
    • http://www.gorillawalker.com/emarketing-the-essential-guide-to-online-marketing.pdf
    • http://www.gorillawalker.com/complete-camcorder-troubleshooting-repair.pdf
    • http://www.gorillawalker.com/arithmeticity-in-the-theory-of-automorphic-forms-mathematical-surveys-and.pdf
    • http://www.gorillawalker.com/gaining-ground-evenkis-land-and-reform-in-southeastern-siberia-part.pdf
    • http://www.gorillawalker.com/no-boundary-eastern-and-western-approaches-to-personal-growth.pdf
    • http://www.gorillawalker.com/prejudice-across-america.pdf
    • http://www.gorillawalker.com/canada-2013-world-today-stryker.pdf
    • http://www.gorillawalker.com/meet-the-mummy-famous-movie-monsters.pdf
    • http://www.gorillawalker.com/midland.pdf
    • http://www.gorillawalker.com/ernest-hemingway-critiques-of-four-major-novels.pdf
    • http://www.gorillawalker.com/t-cnicas-del-aval-o-inmobiliario-gu-a-completa-para.pdf
    • http://www.gorillawalker.com/awaken-healing-light-of-the-tao.pdf
    • http://www.gorillawalker.com/inside-out-straight-talk-from-a-gay-jock-kindle-edition.pdf
    • http://www.gorillawalker.com/cinema-the-arts.pdf
    • http://www.gorillawalker.com/the-two-character-play.pdf
    • http://www.gorillawalker.com/scientific-american-supplement-no-312-december-24-1881.pdf
    • http://www.gorillawalker.com/dk-essential-managers-understanding-accounts.pdf
    • http://www.gorillawalker.com/laporte-indiana.pdf
    • http://www.gorillawalker.com/the-birth-of-a-new-workforce-21st-century-strategies-that.pdf
    • http://www.gorillawalker.com/mass-communication-living-in-a-media-world.pdf
    • http://www.gorillawalker.com/monk-bishops-and-the-english-benedictine-reform-movement-reading-london.pdf
    • http://www.gorillawalker.com/a-joyful-day.pdf
    • http://www.gorillawalker.com/resources-for-teaching-gerontology-pub.pdf
    • http://www.gorillawalker.com/sex-attack.pdf
    • http://www.gorillawalker.com/basic-portrait-techniques.pdf
    • http://www.gorillawalker.com/before-the-central-american-court-of-justice-the-republic-of.pdf
    • http://www.gorillawalker.com/starlight-kindle-edition.pdf
    • http://www.gorillawalker.com/hurry-down-sunshine.pdf
    • http://www.gorillawalker.com/saffron-garlic-olives.pdf
    • http://www.gorillawalker.com/problems-of-democratic-transition-and-consolidation-southern-euro
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/