Malicious PDF — malware analysis report

Static analysis result for SHA-256 55363bdbb9266b59…

MALICIOUS

PDF

Size: 40.6 KB
Created: 2019-03-17 06:15:19 +03:00
Authoring application: - (via Acrobat Distiller 7.0 (Windows))
MD5: 49f13018a0c947d5c9cf0ab5ace6bbdd
SHA-1: 442ece40b1ab18ec6d6a319ee7e831c15986ef19
SHA-256: 55363bdbb9266b59312462f0340b3860245d44d3da52a4e53bb72f492a330851
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The document body, though heavily obfuscated, contains numerous URLs pointing to the same domain, suggesting a link farm or distribution mechanism. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.