Malicious PDF — malware analysis report

Static analysis result for SHA-256 502d1369c1876f5a…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-11-14 08:19:28 +03:00
Authoring application: Writer (via OpenOffice.org 2.4)
MD5: 579c6c20403e3e32427dec27cbde7e13
SHA-1: 8cf36ecd5b6596f1cb54ea45538c5c5d5a45bf65
SHA-256: 502d1369c1876f5a373121d61eb4a719ebb961073f50c1450b516f9a6ad92b2d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute further content, rather than a direct exploit. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.